23542300x800000000000000013966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:01.928{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD52EE798D1D6D810056DD1FBC1288D3,SHA256=DE482984170EBAA8842FA0A75DDCC7CC173EF4BEA55BE4AC994F7C633AF6BEC3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:18:58.732{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52037-false10.0.1.12-8000- 23542300x800000000000000013967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:02.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15AB5686FECB74342D90ED5890E1E0E5,SHA256=92472C498C2800BC25E9CD5605F74B05CD1A85533CC41BD54F8AC5ED7810CCA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:02.010{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81360F373F8AD676961B13A72640EBE2,SHA256=814D6EBB3843090C0FECF3919AEBD2CDE5ED91B706D9A9AE4221AC80C2532A7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:03.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F531164A4F4A0490D4C169FE05EBFF6,SHA256=E62EEDF2C601C37E2C1260026248F26CB19C67D377312427371DD2BB691BF499,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:03.026{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40A6A8D258772A22E301084DCF4BED4F,SHA256=DB16A3FD45A50200247A2F8CC37D2BA42F72FBC9C19421BF543BE3CB083B5330,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:04.026{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8714233BAC2A500B7580FEF0FD73915C,SHA256=3ACD955ADF931F5FF0B2ABCF7F0ACCDB245AFAD0A25FAFFA97A65B70E752D78E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:05.178{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08345AFFA3BA495386700FCB8DC8001B,SHA256=6B6D1B50F49A1321DE3D81460B219ED386DDBD4E95C36CE19B22ADC74D849930,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:03.228{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50331-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000029876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:05.041{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8089B9128B05628752253C950709063B,SHA256=E0CA08E492FADD042443F4AA8CCF3DF8D097FC891BEA9CD9EDA5E4027A7BAD5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:06.041{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4137EA37C28CC4AAC0A5163C372B943,SHA256=138CBC524C7C78DEC7E18A5A4B741C47F4BD055A4B903D7A70641AD936E7B2E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:06.194{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8220799F02906A09A7D35E514C5FC38,SHA256=6B4DB2725FBA03E22B0BE1F94AF0F8E790844B819CBAC4DBE50BBC48477D637C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:07.209{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC76B365615C8B54AEE1D71255A79696,SHA256=B547B7CEEE316108265B79BA24586F01F2662825C239153FD23AFADF8BED03D5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:04.732{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52038-false10.0.1.12-8000- 23542300x800000000000000029878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:07.057{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0A7C670B3409A7567D3F6E3AF25224C,SHA256=562A6A948FC358C4E77E53E857B2AFF789ECCD916981A3D86463066689060A53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:08.209{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=175CE723AF48E3A7A77328B62B9A5247,SHA256=D3832E93C456314E33E28FE2D7F389BD2BDF9869609E33E5F911925223B15449,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:08.057{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32D06076374F706A079E44234B6C5CE1,SHA256=1AA156946D3C70F93B972EB1B96B426549A2356EBB07AAD0C6D4C9545801B216,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:09.209{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6B5431DCE2E4D7636D1DE792C8B168B,SHA256=187E3BA6D3B22B13CF7BD2C0BB23A3EEEFBA37B866170251629FF828D265DC36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:09.057{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=314E9255B6ED5467E477653D7B0B7C5D,SHA256=74859D6BBF8ECA7C90B3E31D80EA6D2DEE2375BE77DC0DE79FDF8010032E68E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:10.225{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC0A50254D0AD00740807B5245E1DBAE,SHA256=DDE6FF3FCFBB7C1A91E74F7104C0BEEA8983DB62C81A5F5A1DD604FBA2598285,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:10.072{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDC983F23E0EBF944AD581CF6834696F,SHA256=70788C50EA5E3A41A52C4AE9E6983422B0A0FBA642B46282D0C6BF4154C2E94C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:11.443{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94DF3FD90E0ED67BEFB6645DD0583ADD,SHA256=BAECAD2FC322876FC8E6D6CA75642163A061D0AC2BD5FE08FABD855A1A8151B7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:09.732{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52039-false10.0.1.12-8000- 23542300x800000000000000029883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:11.088{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0215ADE89CA7FFC51A1E1A52EAB669DA,SHA256=DC4AF5E3DC0A2B2D15292DE243BEC80970D03E8F098B4D36159270A84F995EBD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:09.181{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50332-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:12.678{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=695529DCA27513BCCC63B00EB8578806,SHA256=066AC2D82FA9D30593FBE72DF0D1E3326286DA58399E726C8A1198BBC04806CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000029918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.119{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000029885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:12.088{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E516E3C326194AD7FB19DFB5513CCCDC,SHA256=1B16EA566466FB035D764CC883536F4252A567E25BC4765657BCC6A25FA961F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:13.912{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=240359DDD46D3814D591A78EA38E5FA0,SHA256=EB2B952E7A6E830C2334065FE4251873D05F0CE8A5D0E47E14513269997EC673,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:13.291{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48AA3D8127A401A1BAEA457CEA0BFF85,SHA256=16CE68173557D6870914CC2FEDFA6E175B7497B7A57D43A027F8B7AB46723EF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:14.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE7FA850526737E9A94FD54DEF4B7D23,SHA256=F345DCB94646E711635639DCE2B326C152B8A364F48D7E0492C87E79A8CF678D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:14.291{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71FBFD85B8ECEDE7CA38E4FC1A9E7A50,SHA256=A2DCF082A404E4926855F0D078D6EA4A9EDAAAD7B57E0334DC9E481D4C33CBBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:15.322{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C6E2832D29779E929DE5123AA67219C,SHA256=887CBE86A634B5B1F210778D4E7675C2EA6E096208DEB74101C7A91D433DF867,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:16.385{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A03317C3C057E10526B9B2360446FCC9,SHA256=673045F2116B1E89222EAE1CEB36525DF4912215005B851850066F79E5407FD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:16.068{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D620F590C7BD31E22A73C5F8CDC87F0B,SHA256=BC85076318FC89C14B29383D1447F2D041867BD8222B0BBC0DC73B0AC358A0DF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:15.087{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50333-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:17.240{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4434A219D7909DE45AEFB2ACE18E8D6,SHA256=701E64A87F46341DD92C9ADF297DA0B4619A386DEF5DFB883D727DEB5C7C1A2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:17.666{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4B1FCE80456E8143C2D8D3604DFAE6F,SHA256=7E7CFBFECCAA56EBB5B543E4B4EA9C96D9B9107CC22BDC6C21DD76CF8606F4EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:17.666{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=10D8C0522420B5C474228A69E27B89A0,SHA256=6DBC6BDB51857C460E4485B283DF5D34A3596F4F010F25F85738BDA12E158B3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:14.794{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52040-false10.0.1.12-8000- 23542300x800000000000000029923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:17.400{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EF597F1E4752B3C894CA5F863C11892,SHA256=254D338A7C0835790218DFCC6BDC74F2ED11E4A124BADE9A9DE27EB15C656410,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:16.216{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52041-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000029928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:16.216{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52041-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000029927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:18.433{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A8662FB093EB9AFBD2E3B7049D626B7,SHA256=03D18FC19FA13426C46B6544561A89F539E276DFD9AD79BAD949608DFBF2E525,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:18.240{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8E56B1D51B5B42521469D4266A42D80,SHA256=48FC7E433F55B72C2762668B846E08C76E0F83B658875709C034CAA9E6684CF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:19.464{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A4CB7414F5E2D52290B55EBB00DAEAE,SHA256=E6F2BE960FC5907DD3AD40C85B42FF3EF28E1357E31D728341B89A89182AD395,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:19.241{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF28C0F8B5F3B132E15584BAC2785BDE,SHA256=3A9BA5BD2F456CF25B710886896A2D9F33310FD7C1F218842CC0B0EEBB978730,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:20.511{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5429FF6EEA15DE6EA04DB9743D04707,SHA256=BF214574C4AFAF7A55175CB80162EF9642246295CD05FAF208F06581C3A90C23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:20.241{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D840E068B206D1BF915176A433A6D27F,SHA256=1F3CAC625A48E10F90B0162585CD449CCCDDC625C7462B696450894ABFDDD96B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:21.714{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3F6C2F731BBFEF3EC4F7C52C7A31C68,SHA256=69A7BD6091DFA6077B740575815737A1E4104EBF67D623BBA76B389C9A823723,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:21.241{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F102E6E156C5ADED166140F81F05D509,SHA256=80E56D73BCD8459B6B5B8617B967C7469581E51ACA2067F8C757CB092E584B77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:22.823{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94B10594AACBB8CFDEC6D8DC41BA60A8,SHA256=AD1CDCA153241BC090B85142034321C8AD2C0DCD602FD6BDCFBFDDD76A5E0227,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:20.245{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50334-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:22.241{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E4949CD01935C2FC6105C690FEC7AFB,SHA256=8E9F4D3D3642E2CED91C32B29C19B5120FE16569559092FF5B0BD62504455585,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:23.839{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68656434D3EC02298458364451716654,SHA256=6E327AA5543AB1E2BF7F992FBC1DF8BCC9AD04449B4CBFCEB39F333306775638,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:23.273{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F911E124E19EC9C9B27D86EFC385C6AE,SHA256=DBA4CC8788FBAD28399F235C5927CDA5523642DA7B171BEF6D440E090445570E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:20.795{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52042-false10.0.1.12-8000- 23542300x800000000000000029936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:24.855{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=435B42CAA7A91D3E98DC5B71C8194EBC,SHA256=3D1F8F15FF988B629FC82EC11C881D157A65BA4C4CD10FE8B6A5E97205534D01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:24.272{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87D849E447ACDCCC14BB7B3ECC2A9E20,SHA256=F60ED846EF7AD3590BAF75D5F3696422EF48A418DD7086BF5520E941149DBA6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:25.886{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64ACCDFA8FA96E6A11C58A8BB6785766,SHA256=504909AE0517BB7D804ACE7AE19AD6696D5386DEDB9DCE0C43C57871865FAA3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:25.507{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AA6D8301771508740B4920DFDB43B0B,SHA256=E3F6C4DC59EE50CCC66E58E931AF2941CC297844EB9F16578059FF66CA4301CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:26.741{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F69F7B73797633227C96BDD8D0B948E4,SHA256=C7DFEF7B8AC1E97919BA9B5568E959F58FC0F4151AEBDFAE0A5896D6A64D1B19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:27.804{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B24E66F99A008D812DBC7235B8719AF,SHA256=F54618670FAA2B811E4B70124E014D64B51554A70ADA0F3C4A58CEC5D0E28E4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:27.058{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64C0D1CEF26DB5D36CAB5F191309C2AB,SHA256=031F02AF3327EE6205A66F41F4DE4EF399ACB96C14126D5F4D631DBAC0B13851,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:28.944{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E52167B43FDF58DEBBC66B8DDD993D44,SHA256=A62DB15001542AB0523E840896E23D5F0A9DEB3E9FB07E65D6DC38F90EDAB16A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:26.655{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52043-false10.0.1.12-8000- 23542300x800000000000000029939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:28.089{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9EB6C4DA077790051366B67535CBC46,SHA256=778F7ABB185BB127BD18C8C8D1343C78F85F747B4510BD53464D1510A2555F6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000013995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:26.213{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50335-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000013997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:29.960{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=948EA83935B9329AFF9081CA032485EB,SHA256=794346E5B381320171D9B37631AB33E13A957F37BB3D2CE8009B936D12BA7164,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:29.136{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D397FE89C8E299AD79CF524E03B2C040,SHA256=479207DBE8746AADF99330EA7FCA84612B83080BBA5840B2AA604DA0505FEBFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:30.976{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00AC1119D45522A8E4C510624542F450,SHA256=7F04B1893EE35CE660272DA353A45DA8AEB9E5A4404AD5D2D1287996A924B403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:30.198{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=210AA06673590A65663F6C5343B4138D,SHA256=BDB2B51B004B0C8E8644EFFC8579E9CFC385575C2A20A5C64B41E6FE9B255B7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:31.230{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8351793F868F9241B4DD8FD7D23D779E,SHA256=A25190667A03C0BB3C1C42AF0C514C41F1FF8E5D55C21A7E0B291AE89CD55C98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:32.444{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=937D21347A69411B9C3DC3E7D970D87E,SHA256=E7E74B81CAC87CA09119034B9ADB24527BAFD630BD8F1AFE92B91252C7B0CE94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000013999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:32.210{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3F2CE7CF7C59846C564D2AC713C4C66,SHA256=B8B372301A220DB177C38052682336E2DDFB424214BC6E641106806BF290322B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:30.315{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local63300- 23542300x800000000000000029944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:32.276{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD525C062B9418BAED65CB7C75633E92,SHA256=6CF1097A826BE13DC2C002D99179A8A867B09EDA09CBF08627E5F99055A5C416,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:32.151{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50336-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:33.288{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4596A6F7C8E783D30BD321ED184835D4,SHA256=A3DC67D6FF933B480C28A724058FF87C2C9D0AC648E04015192684CF7E58CF2D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:30.316{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local55748- 23542300x800000000000000029946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:33.292{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3254C179D519E430B782130139409A86,SHA256=3DC540BAFC9625F9436005406BA602E2E9001C37AC9C434CDC3EDBFB79FBAA1E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:32.655{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52044-false10.0.1.12-8000- 23542300x800000000000000029948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:34.323{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF8E6B6F53BE3353AE84F723A11C5A62,SHA256=5F849759B7B246D8E143D461D1DBAAEDE1C255E5CBECB4DFCCB1B1B376A5857F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:34.288{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD27D1D25AAD88FC0B2666D460C5B565,SHA256=4371F6080D0D50FA3A6361EF52DA12B71FAD4F07F702E3564DCD41C8CB2552C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:35.288{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E58BCA32BBDC7CEFE800EF7B1F5789B,SHA256=0B6AE9660E88913CD853131993BF158451526B1CB2E63737866F51E467DA99B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:35.545{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-059MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:35.324{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A81CD10730B4AB6B6A02DFD3826201C,SHA256=75C269DDAD62E7E7B29C177154B96EE8878147B49B444894EDB38BAF6B5DAA7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:36.560{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-060MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:36.340{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33C8B7D5DB3CD2C7A6A98878122FB001,SHA256=21F0E0FE98364677D10F5C479E5A194EE97A936CA915A4B82179D5F1BBC823A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:36.413{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7E11A58A18C5509D5BEB308C38F8CF7,SHA256=68E97F9FE97FF3A8183D185367E27E37548F2BB6D8BD624EDF656EEC698B865F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:37.560{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13E0A57D812D97BA9D6322486E4206D8,SHA256=6B4FD947B6AC369E1F85118B65CE23FBF932320717A3EF356EA6D4F97AF9715A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:37.554{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=919D1B41D4E38D771EE8F26B922FAB20,SHA256=50D5C4CDF7FCE5A09045BC860938EE6F720DCD16537C24EEA6B9C5A9FECFE27E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:38.663{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B60FE4F31D986FA8D714E0B8B88BAE0B,SHA256=AAD2BE13A32DAEC9BA614FF3B05384EF1B34072F24DC89E0A434C71A078E3088,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:38.607{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB25D80BA659C68930E32A45E91E3F21,SHA256=6D954BC76559A46DDA46B9A8368D96476BA7F04466FFFB890503879B5A53D38E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:37.183{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50337-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:39.668{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8F20631847B23B58902FB15DBC151C2,SHA256=53278D912B9CD2242EDC1003D42F1CB56EF7B3C18B76A2DC967AEC0A8DD220CC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000029965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.734{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0A9B-615C-2F06-00000000FB01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.734{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.734{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.734{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.734{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.734{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0A9B-615C-2F06-00000000FB01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000029959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.734{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0A9B-615C-2F06-00000000FB01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000029958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.735{6EDEAD03-0A9B-615C-2F06-00000000FB01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000029957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.609{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB47FE2663D8BBF5A72B72AE5AFA79A7,SHA256=57EBAA84C73B1C410632779B7C4034429D5F7DDFBEB071F38E5117E3E2C23D2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.516{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:40.808{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EFCD5E6882FB0BC5FDCCD1508889342,SHA256=0B3F2BF2AFD6AA6F62A9816B15E5546FD2AD1A4826570B790521DC03A2B02B6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C33AA02DAD8F84C98B2A95E7DAD8E0A,SHA256=0C7F6F118128EA76CE03FCD99712EEE670C62F2D24342029773A0EC9F66289C2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000029985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0A9C-615C-3106-00000000FB01}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000029984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4B1FCE80456E8143C2D8D3604DFAE6F,SHA256=7E7CFBFECCAA56EBB5B543E4B4EA9C96D9B9107CC22BDC6C21DD76CF8606F4EA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000029983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0A9C-615C-3106-00000000FB01}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000029978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.875{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0A9C-615C-3106-00000000FB01}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000029977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.877{6EDEAD03-0A9C-615C-3106-00000000FB01}6084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000029976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.656{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36A633D1B2BECB34A7F589090B00B618,SHA256=855379C4499643E9BC7F25F09DBEC6908D98BF0832C767A1CB8AE858A8781141,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000029975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.547{6EDEAD03-0A9C-615C-3006-00000000FB01}26882436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.359{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0A9C-615C-3006-00000000FB01}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.359{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.359{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.359{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.359{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.359{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0A9C-615C-3006-00000000FB01}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000029968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.359{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0A9C-615C-3006-00000000FB01}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000029967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:40.360{6EDEAD03-0A9C-615C-3006-00000000FB01}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000029966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:37.845{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52045-false10.0.1.12-8000- 23542300x800000000000000014011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:41.933{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D101A9CBBA4E3CCED07728B435ADCDF0,SHA256=578847E37FC28E515596499CB81F6FC5651E0E9A046F79FC64367ABF71A192AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:41.906{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C33AA02DAD8F84C98B2A95E7DAD8E0A,SHA256=0C7F6F118128EA76CE03FCD99712EEE670C62F2D24342029773A0EC9F66289C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:41.687{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE0839721D3EF4A5526FD64F36BD35BC,SHA256=56990A1218A05CB7F80C7953D7F95FE56055EF8C1F2C2AB9417044EC3AFC403D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000029987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:39.097{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52046-false10.0.1.12-8089- 23542300x800000000000000014012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:42.933{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17FAC17E1ED8DADADA3E4F8738B80B9B,SHA256=C91CDCBC6C177F9E5FF39192E4C5C037FF810D31CF3081C8CB16A141D99AB694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000029999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.687{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7874A373290430BBDA690342470CDAF8,SHA256=2687CF4C5B7CBA9136C3E80824412CC7C48FEB49319947E5AE9A1B8A1B881129,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000029998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.515{6EDEAD03-0A9E-615C-3206-00000000FB01}48606376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.359{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0A9E-615C-3206-00000000FB01}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.359{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.359{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.359{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.359{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000029992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.359{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0A9E-615C-3206-00000000FB01}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000029991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.359{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0A9E-615C-3206-00000000FB01}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000029990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:42.360{6EDEAD03-0A9E-615C-3206-00000000FB01}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.750{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A0895F3CEF2FFF3559C1FD1F0CC4DAC,SHA256=C2C21F928AC9A13199C1BE77B14AFADD0B91965AA112FF91304214196649921E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.687{6EDEAD03-0A9F-615C-3406-00000000FB01}66524832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.531{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0A9F-615C-3406-00000000FB01}6652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.531{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.531{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.531{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.531{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.531{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0A9F-615C-3406-00000000FB01}6652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.531{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0A9F-615C-3406-00000000FB01}6652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.532{6EDEAD03-0A9F-615C-3406-00000000FB01}6652C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.390{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2C534121D1934FDFCD666FDA5FF2AB26,SHA256=141161683E2340964C3343A54B99E47843E729ABDAEE9B173616143B977A3A11,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.187{6EDEAD03-0A9F-615C-3306-00000000FB01}49564836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.031{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0A9F-615C-3306-00000000FB01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.031{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.031{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.031{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.031{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.031{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0A9F-615C-3306-00000000FB01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.031{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0A9F-615C-3306-00000000FB01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.032{6EDEAD03-0A9F-615C-3306-00000000FB01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.765{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD4DACAFD91D013B8252F88BC5EFF9C0,SHA256=B7FF9433DDB9F9912A5DC6001F25DE82B6CBC106A4A73C8F8EE466C715E49CA1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014040Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AA0-615C-5302-00000000FC01}4024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014039Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014038Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014037Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0AA0-615C-5302-00000000FC01}4024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AA0-615C-5302-00000000FC01}4024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.840{49C67628-0AA0-615C-5302-00000000FC01}4024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000014027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:43.078{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50338-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000014026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AA0-615C-5202-00000000FC01}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0AA0-615C-5202-00000000FC01}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.199{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AA0-615C-5202-00000000FC01}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.200{49C67628-0AA0-615C-5202-00000000FC01}848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:44.168{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB335F20E7814A1186976C97B1ACEB0E,SHA256=3A87314DAC86408E9F6E8FFE5171715826F83784499878500F48D4A181E51E61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.562{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C0DA4E35ED4F618F242C3EAA5C855FE,SHA256=F3640CB698F04FCA29DA96436A150ACE0A1EB9089B4C0C8AF7872C1F150B0874,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.203{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0AA0-615C-3506-00000000FB01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.203{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.203{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.203{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.203{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.203{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0AA0-615C-3506-00000000FB01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.203{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0AA0-615C-3506-00000000FB01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:44.204{6EDEAD03-0AA0-615C-3506-00000000FB01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014057Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.668{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6923DDD8D0CE7AEF1B6D6F1922C94ED0,SHA256=B06BA409181AB82CF31FD5694AEE2F94E703B58487CB57816ED6D4337453FBDB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014056Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AA1-615C-5402-00000000FC01}1612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014055Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014054Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014053Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014052Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014051Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014050Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014049Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014048Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014047Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014046Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0AA1-615C-5402-00000000FC01}1612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014045Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AA1-615C-5402-00000000FC01}1612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014044Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.512{49C67628-0AA1-615C-5402-00000000FC01}1612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014043Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.199{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3D527A64B3AB9A1143E6ABB400DF6038,SHA256=9EEE1A6CA0B450ABF27DDD02189A30C1DB4A64809D8DD8BE1B72C53ABB440561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014042Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.199{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DEBD41415E70D877BB73F7A9BF4E526C,SHA256=07D670828AA11D14721537AC96765C632659E4975525B7CEFEEC6CA05A4C1A67,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014041Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:45.044{49C67628-0AA0-615C-5302-00000000FC01}40241184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.636{49C67628-0AA2-615C-5502-00000000FC01}23203556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.543{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3D527A64B3AB9A1143E6ABB400DF6038,SHA256=9EEE1A6CA0B450ABF27DDD02189A30C1DB4A64809D8DD8BE1B72C53ABB440561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AA2-615C-5502-00000000FC01}2320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0AA2-615C-5502-00000000FC01}2320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.449{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AA2-615C-5502-00000000FC01}2320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.450{49C67628-0AA2-615C-5502-00000000FC01}2320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:46.324{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FC6D4D533B7DCFC1F75F6854148DBE6,SHA256=2DE4E5AD7A4E848F8B165F6E002939005A05D1C71F7FA59CEEB8074AF01283FF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:43.738{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52047-false10.0.1.12-8000- 23542300x800000000000000030030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:46.000{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32A50E09A213FEB63FA4096588AEB401,SHA256=0FF635C09F0F22A4FB7432FD8B969C89E67732576245124A563C74E7F4205879,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:47.761{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:47.339{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60C94C276F8DF72A1F0C03B20C61C58A,SHA256=634A491CFAE63FB1FA11EBB0A2A211B19D22F9687216B738C201AEE04743B477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:47.015{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA7940D24228181D5CD2413285074586,SHA256=C1F6A521D31AF66683473A2183AECF7A69E8741908FC024FD28DB47CC4D458C1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AA4-615C-5702-00000000FC01}1892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0AA4-615C-5702-00000000FC01}1892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.916{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AA4-615C-5702-00000000FC01}1892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.917{49C67628-0AA4-615C-5702-00000000FC01}1892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.432{49C67628-0AA4-615C-5602-00000000FC01}38883080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.354{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=285A81B64D76E2BA2BDB6CBE250D2B6E,SHA256=697A565E56A1A556EEECD3C678EA497B3A380EA4A42B651A134280C6E70138E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.354{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74C6E72EECF37440B7532F42C315D0DE,SHA256=35FF24102F6F6609698042611D4288706991BF1D333FAE9839918C856255FC24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:48.031{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D23F1354B6DEF29A28256A57898D2F5,SHA256=711DA5AD21017FA5FECD8E1759A9B31AEF348C3623B8179376768E372ACEC803,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AA4-615C-5602-00000000FC01}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0AA4-615C-5602-00000000FC01}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AA4-615C-5602-00000000FC01}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.245{49C67628-0AA4-615C-5602-00000000FC01}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000014122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:48.170{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50340-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000014121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:47.796{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50339-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x800000000000000014120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AA5-615C-5802-00000000FC01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0AA5-615C-5802-00000000FC01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AA5-615C-5802-00000000FC01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.588{49C67628-0AA5-615C-5802-00000000FC01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.369{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CC29D9B8260D32B969745594F018581,SHA256=0F89149EAF7E84089960F5436FDEEEC4770EAFC497C1BBB7727EA3FBF21C06C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:49.219{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CECECFF4EF39A554D35F20493CF73492,SHA256=19EB29946805925EF529477144509002737B582B8599F3D409F07F7D84D4333A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.307{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=279C5EAF9589A4C36D1CE3B9F2965A3C,SHA256=5DD482ED1C616CC19E1E7D3EB79F60028341000CEC279801291BC1CC58B70525,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:49.088{49C67628-0AA4-615C-5702-00000000FC01}18922892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:50.821{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE88577435937624DA3980B8C0EE2E9B,SHA256=EDA81F62D5CDE4E28EC770B217FA16431BE8EE7D2E2BBD32A56449D723EEB47D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:50.384{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B166232CB1524D0FA09CBED0BA53C08B,SHA256=9258D461B28B89512923FEAD8204E061E186672B591A902493570329D409A24E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:50.640{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=F7FF0C3BE25CA4C9C85A3B4A0711E522,SHA256=ADCCBB951DBD73896F21877EABC527655913B13CF120C85D6CEE049001D4B72F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:50.250{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D0072EDD0605B437F0EF1B708B97EC6,SHA256=ECDCC336501FB237B5F7FB36259D28BA38C8B51873167DCD77ED6F9698732D4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:51.399{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=417D7148D9FB1754C120683EE41F531B,SHA256=02C50391A6D3B86BCEC1EC79F0AE2E2D6A02C4B035932CEBA0625AF08A3CAE21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:51.297{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21CC6F4A45E0CC8F1EAC51A54921CEE2,SHA256=3AC46655317E79CF0574B9ACF660DC9C25025DA359008D7CB4C6C41F1BB67EB9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:49.691{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52048-false10.0.1.12-8000- 23542300x800000000000000014126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:52.492{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F90180CA98661C6CE7634229891C8BB,SHA256=300D1BA848C0ABE9DAFC8A35B65324639E57A66793484BDE3A63C753C08398E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:52.359{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82D4219AE3CBEE0C8C42C96517F2772D,SHA256=1C98DBC530CB96DE3FAF6D36397A2768E7864CBEF6108874FFE878C7BD321095,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:53.632{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C611C666FE9282DBF83F42F0E93D610,SHA256=DBA47482BB359226168925269CBCCD0E604B6AF25C224EF20ACEC8D53A8CE469,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:53.375{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E803C6DD808C33BB139A22D8EDECDA04,SHA256=23EA24E6536CD62192F3D8415F4E3E5224EBD5086A6E67FA6D97D19E355E9CC7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014130Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:53.277{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50341-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014129Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:54.851{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1551A901B494C0C84432892E4C7E8311,SHA256=EF65B979688A6F62D28A91B973C7249A8C6A0C15556ED4200F186B56D4A89886,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:54.453{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDB174073D19BCB3D9B2F469DB9D72EA,SHA256=F6EE7DCE807C1AAD5118E53AA4EC67A21EAC34BFB38FA9F8AEB86ED5824ABEB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014128Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:54.229{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-052MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014132Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:55.897{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65B96816A8C2B87016106807D66ACE09,SHA256=FD427BD9CA5E1A7A485C62F185DA5EE89AC750F43F6C9AB719824305B68494D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:55.484{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80783ACB516D10B7AB8570FA71903748,SHA256=6122F86E9022CFFD2EB09667E147A08F2DB7C4CA8371A9248E8DE21163D28F13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014131Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:55.243{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-053MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014133Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:56.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0275DCF2E842DD65A09BCFBFB185DD7,SHA256=C146C38621EA6E943DDA5FD28C804DA87DD91F0CDC5B0837D275833816384D46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:56.484{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78AB59BA3698C7A26E256404128052A9,SHA256=E99B1A07FB815E2F31AEE8BFADCB9A9AA9BFE3463D61F36C9C6EA8CE55701A4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:57.500{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5142934C610F9499F83AC037DF30C70C,SHA256=77A8B17BE60D3899BE41AACF4FFDDDF4F6F951BD9D5DFFC1AF2280A5BFC363C2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:54.691{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52049-false10.0.1.12-8000- 23542300x800000000000000030046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:58.515{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4E02A4D5BD32ABA65D94B46CA5EDEC6,SHA256=9226BEA85C4A1E35D759F21F1F3DE6F85C465F8EABE32EE300FBBB2F429CDF87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014134Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:58.224{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A712CF4F46D9BBF02110DC898B2DF0EF,SHA256=F4AF50B2EF27E47FF7AE7517C44FA04FFF56686B23CCD6CCE781E79E713CB73A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:59.529{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41BAB06D5EB32C6064D595F3A933656A,SHA256=6B2E312EBBF27EC9E7B675747B4756D7E6F7DFECC0D7EBD77E9D86CC51A43CF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014135Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:59.291{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B34D85417B6FD2570D3BD1CBEA42F789,SHA256=37D100DF688333F36C99E33310B55D35CB59CFB64A900C549B3B17A6E64F926B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:00.545{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83F33FBF11C41F4AEB304BAD589BA716,SHA256=7C9472E145C48A68CA14895A68867F2E129478768676F9519A293000CCFD3151,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014136Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:00.431{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65DB5FA3E07CF06B5C76FD0C1F3F0CDF,SHA256=CAB2C366E411B3F33C30CFD21AD57EBD9DE365FC5D62A843A7EB3DA2DC192EA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:01.545{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C33DC9205E88BF00F8A3EC9C58560A0,SHA256=C315D8C4CB924AA57FA593984031597F62C85031990124A0BC6C60243CB8227F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014138Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:01.571{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5FD5491652453470E8CE9B429BDAC4C,SHA256=66D70959480BEBB26FFE112B1E95FB7120182CE43D902224CFB38075820BF79A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014137Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:19:59.217{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50342-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000030049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:19:59.829{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52050-false10.0.1.12-8000- 23542300x800000000000000030051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:02.560{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E6E2A7C5BA22587A4310837C92738A0,SHA256=BA236C262D1A2DDBF72F22DC414E019872F2CBB26E3094A4FA243A8D3974B280,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014139Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:02.586{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35C155C1E36ED6CD6D3E5C14790FA7AC,SHA256=BA43F272B4C3343C285FD24A62D3948DD0A26806274CA1D0C80D5F8E06BA41A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014140Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:03.820{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FA1845C731013A6B3C2D1F0251D54ED,SHA256=99BB0D010A27FC00C3427EE0D4B7292E8CCB843E27C36C27FEFBD1C3FB952B32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:03.576{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=950773A0FEF5CF2A5F1EF04389CCC6CA,SHA256=45C29F8B103AB6904B14C632A166B7CEB7BD5B9997C6DC717F7A850D5EA9E94F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014141Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:04.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9ACD8A199CB45A72F3569D044138B5BF,SHA256=F77EB9D9DDDA7881224409F6B7235D262BDCFF751D222FBA32359CFE53162930,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:04.592{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=456F38643434DA211F069595928B0816,SHA256=AD8B7AEB67398F079CCB0C687A0C2235D71ACFC448A1549C671375AFBBC6C020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:05.607{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CACA0BAAE1E6FEC4CB5B4C6846925626,SHA256=C8FD20671EDC4AABEF5111BA9AC9D7D4B215718BB2AAA87FD3B8A3ED41AA5443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:06.607{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6C34CCF2ACBF95E4ADF6073A599563E,SHA256=B43CF3BEA6ED4151F227C1903DA4445088BB600B320C0F207C8EFC172263FA7E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014143Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:05.166{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50343-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014142Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:06.100{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA024A0CAA2ADA78D013B14C60698FDE,SHA256=BF8AC262F3119C47233FABB026D7AD233B2A49F53937EB263EF720D113FDA13B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:07.607{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D52A6207DE405385CC314603B732981B,SHA256=3CBD4A6EE6B3133CE92F3FE44804609A817FFE14C4C2A2D2D343DFBA48EBAA72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014144Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:07.115{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89A23693B33A47C0FC2877167BA893C6,SHA256=58CA73623F155FFFF9B04775A1F7917226834815598B50EAE4D4F9B778ABDB37,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:04.845{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52051-false10.0.1.12-8000- 23542300x800000000000000030058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:08.623{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=650338FD0FC028EAC0B7B2B612E1EF9F,SHA256=B3932C34C8B1F518D053F7EDB4AD35A2916E16813C265EB4B828A900A09CD841,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014145Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:08.333{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC6E2E27F0E8240C5251ED6368CF821,SHA256=402B38BBA3861C4762A2155E7C66AEB600FFDF63EAEB03ED7963F72044C50A16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:09.638{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6FA87E29EC840C5564209C0189201BE,SHA256=90FFB76054DAC9D86BA79E11F2FB4772820C3622D9D12D35233C0E51F01EEC1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014146Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:09.551{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EA6125AA813F8B0EC49DEC07913BCC4,SHA256=7FD263F4640A615A64BC5C0BB9C2B21F4768DCD0A2E74914150867069A3B6925,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:10.638{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D710E5F3469206AD088C4317048FB63,SHA256=931C39631D21F5C74FB8ABBAC1B96685E6912B2566887AF385E6C6B321E12B05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014147Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:10.613{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=035AB1C6981A248B8AF78BD66570DA56,SHA256=39632A41CE951DE1E73D0B234E18337CF23E2FE8188D68FDDBB48761FAAE2F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014148Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:11.643{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F4404DDDFEA5054E3428C81C8A15514,SHA256=756986116CA0297A9242F2E429A04AF0DEC6FF8EDB3F6589D614FB6C16D2E1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:11.654{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=694519978ED5708ADC9D680BF80A5FBD,SHA256=F312AAD6F60A26EF6EDD6384AE96E4256ACEC0A7CE316F9FEC86AA16EEA88184,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014150Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:10.273{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50344-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014149Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:12.877{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FFE098963B4CD038D0558E11D1856DF,SHA256=3E288EBDD7CF9521C7714EBBFF48C682E92A11FC7CD11C5ECD9FE7BD9E150B19,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:10.626{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52052-false10.0.1.12-8000- 23542300x800000000000000030062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:12.654{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75EC0907082864AAC7DF71137C3C1FC1,SHA256=BBFB5BE0C1796A041EFB4F6CAD3480A75EAC09AEC322601D4D5939A93A1B53DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:13.654{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35A70BFFE1192C759584797C4E574E22,SHA256=85FEDB84266AE7352FC296DBF50D382B7CA93C57CCA62F25DC3FE43304D4636B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:14.670{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B4462E7506D17E7C11E87BF78A25DDF,SHA256=FF0768E8114C849C610FC01FD8A158885DEA68CFA23B738339E58290F5F4639F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014151Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:14.111{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1454B40D92C6EEC283CBB48CF701B11,SHA256=A14609F215873E862F608196C60208D7B906D5B13343ABAE60F960059A8E634A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:15.685{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDC068E8D80DD377EE3A81CB43B96FBB,SHA256=A501501889810CE903FF886B007BB4EDE43D7CC829E6472CBA0EAC907DFDE0F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014152Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:15.251{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0B93FDDFF7D6AD5089776B3C8FC58C9,SHA256=0F1197F64375945355E9C1B597CFAC4891CC0F03B8F174B46370C8020441D52F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:16.685{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8581DA2EFCDE3BA760FEF48C3496F003,SHA256=8E8DDD3FD8F2A533931D084AEC435583033CEE99D50A3C2EBC2F6147A99BE2DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014153Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:16.484{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FE52594637A0E83841C52C56DC64A80,SHA256=9FC40C69E4AD705FFD68810540DF2209850F403447A148B2B4C1657A24401AED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:17.685{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B4DADEDEEFAFB3787E42C603F1BDCAF,SHA256=A24406098BA456DDE0D9D575E6BE4F948DAEB1AA7A6A9408EC3EF0C9EC431384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014154Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:17.531{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=354B91272A127E9AF11C510F561A11D0,SHA256=A915E5974013FB8E03F269E064EA4C48983B9B6A551D79CF136E36D9E996A1BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:17.638{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04F665C58579E4622D8625DCA0BB5E43,SHA256=852F6A0DD5E5192307B0FA9FF39A580D14C098D1A5F58A1DEBAC157B617A002D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:17.638{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D59E1E35931102A9D79C9DD033F8BE4,SHA256=292F51C8A1DAB48C725A9A6F492B7F24313368DB808F185CF18D17417D029FA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:18.701{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FFD3EAA5142F5285A416A05BF82E476,SHA256=E171D916638450A6769FD2AD49BA7CF7F7F768708DBC29438DC5EB7F97500A0D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:16.626{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52054-false10.0.1.12-8000- 354300x800000000000000030072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:16.220{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52053-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000030071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:16.220{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52053-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000014156Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:18.764{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28FDDB7B18861AE53A687CE8A5D2EC0B,SHA256=74782908A54B8C1A15EBAE6261DF0D9AA0381FF4584A589DF27C7B581CE340AA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014155Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:16.145{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50345-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014157Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:19.777{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7B954EF3E5FD21B14C31CAED966F90E,SHA256=D4ECE2F6E504BBB75EE2BA3B8C9253D732EA2CFBB4316B7D8A92F358534D3E3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:19.703{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA1E2F27A9761288E2650CA663B5E0CA,SHA256=B6C9549CAF9746BFA0EE1B8D448616E68DA40941ACC38CDC0D1A2B9389F9FEE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014158Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:20.792{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4938F83D7CD0CAA5713940205786247A,SHA256=4C767F7E55386BF0FBFD6E857B28342A3BCF8DAEC49496951C014D097236E560,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:20.703{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BD86DB12F742BF03E9E4E0752B53CB3,SHA256=07698FFC44F4433D7E6EF8428577485EBD559A3ED583E702A07586E1E96148B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014159Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:21.807{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F73FA3BE414CAD7CA37E06B405046A3,SHA256=ABC76EE71B9AA7C70E7A292952E615A3EAB35DAADD8AF8B52405B2DDCE4F3B63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:21.703{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DD892A63D75F9BD7F036E9DFE880D88,SHA256=B89693DE529A41C9CEE98120A32820C53DE10A846F8F1AEC265D7C0356B5EDC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014160Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:22.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=371CB8CF10FDDFF7E5907522963D713F,SHA256=AAC18FBE28D5AE1D70C96185803E40AD22B867682B0D0E43D50D64D122C3F096,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:22.703{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBE289E769DFC5FE5AA83586CF7AA352,SHA256=A6956D570F07BF67644BE948D5A4BFFD1B58ED60EB33524529645092016D4936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:23.718{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3FB0ADB9B2BF9909D04ED9A0EE675EB,SHA256=D87B470D2C42944531FAC076A4D025EF8B8031A2166983E6E7941953D85DCB9F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:21.800{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52055-false10.0.1.12-8000- 23542300x800000000000000030080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:24.718{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6B07A29DCCCBCF9B67952C416F7EAAF,SHA256=D3F953E5ED53D65948D1F1099A2349ACA346844A994989D81EF765766B1FE83B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014162Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:24.228{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AED15FFF8314CFDF0764C59F1EEBAAAC,SHA256=FF707A0982B4AA4084DCA9F54E56A84DBA76CC5C2F20247A60D52AD580FF5BE8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014161Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:22.139{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50346-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:25.734{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85C2246E387FFAC728756704B06A2A3F,SHA256=95B545C8A41694B3672E745D91E273A3F472A76368DFD8965428948ADA6560AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014163Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:25.461{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F1C5CDD18A832DE83A91807BD2649E2,SHA256=D6F967B9CF913A6CE42B044271FDA2A35224790144FD117FAB3BD27555C133C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014164Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:26.648{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2585E62C850D1CD119FB5AE5AE01B57,SHA256=AE7247FA8B7FE00C5B7120C34C649D28C92972E11051BC7CF2B5DD576398E030,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:26.734{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=649CD7F8DF7F3575E70A77CDD4192E4E,SHA256=16A85026EF47F013BC1787A03CD8108E095C3C93252DA66B986E159B3AD41FF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014165Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:27.695{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=246614B1F086D97D29E7BB760D1999A3,SHA256=12257CE84DD41D74B5F18086A9DD8F1B77C6D8550380530D7B6149FFD7FC2B3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:27.734{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30AB5FCF63D3FC855026BFBEA3A77FC1,SHA256=0C2212DD00D2F9B6005CEEFCB596303FBDDDF8E0BC0F31692F766560B6632663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014166Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:28.881{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD944FAD4920CCC4DBF69986A4A1B03D,SHA256=8A79208FA87DF33B565E7852C78B6A730F753C1071EBE15A38954D21109F0D12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:28.734{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DED6C092877D05A82C8348BB533D45B,SHA256=C4E5A4B1C6E9FC6F763B0C8AEEE5A4A8227C3C8849FAE5E2059774DCEED783F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014168Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:29.928{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FE4D5D5A2CF89590244FFE548ED55F9,SHA256=F6737DB1141043F50554FABAABE5FA3BC694FDD0E0FA7DA20DA866D9968DC647,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:29.750{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15C3D2CC81A5A5C7E52756DDFD1ABD31,SHA256=95C87FDE9945713F0B1B7E94B9126AE201CE98151C8ECD92EDD6D90577C269FC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014167Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:27.152{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50347-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014169Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:30.944{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24A8D4205888340D5C9E1FF3EC05662E,SHA256=E159129ECFFC31CDBEA288A01DBAF7C45CE8200F14ADC889A9F25D0E61817B1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:30.750{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB73CC7C52C5D2618F8E7485C975A417,SHA256=273E2810F42FC397BF066F5A8A533C9A50E39F71D0461158814A38C9EB1A45ED,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:27.753{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52056-false10.0.1.12-8000- 23542300x800000000000000014170Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:31.959{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C2E6E7636F769B06D1972C6444FF744,SHA256=AE6F90781E057893A6EBEC34A438BD3892C2D4C0037B51A96990EFE0C62563D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:31.750{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BDCF50FCF515F9D967BD18811FEC32E,SHA256=287CA6D4161206B3D495354BAE41315C76EDB0E5C80A5691D3828C8FC7A38741,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014172Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:32.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C43E25429DBB9557A129251E1BC79EA,SHA256=C71E142A890CB5DC8763FD25CDD6536723826AACE09E238849EDDC443CBB07A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:32.765{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F5D8CB72E92A158B6CF787F1F6E48BF,SHA256=DF3755DF57D6D22C61CA1D9A0743DDC375C27636564AD8CA07478AE75E2A3EF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:32.765{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=907D2EF697B9449AEC0D86266C3023B7,SHA256=47EA80766B016BBCBEA1D1F64DDE97E302C5AC376BED87D5DDAC962A2700DA51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:32.765{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04F665C58579E4622D8625DCA0BB5E43,SHA256=852F6A0DD5E5192307B0FA9FF39A580D14C098D1A5F58A1DEBAC157B617A002D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014171Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:32.459{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=AB057AD87F75E6A9D11E864579C6F765,SHA256=F344EEE2726719E104489B47C8A94E62535EBA7F843DE83376C4FD7DA5EAF175,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:33.781{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=473F8EC3A1E8F63976B2908C385C4FE8,SHA256=C5675471C9F380B369456A28F2C3C311630ED69610C08464FF89B28BE15C897A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:34.797{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE0752C981A0B6D6BDAE13134BDAC4FF,SHA256=167F36D34B1FA939EC043FE8D55787515E784004D2D4590CBAF0EA7C5A1C5C86,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014174Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:32.244{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50348-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014173Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:34.115{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=444304B638A711BCE706563BEF586A38,SHA256=42D0F2BAC96AF1F056405D789285F313151268F1E8809D27C2BB48ACAE2A26C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:35.812{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F33F26196F2CE3A75E49B83AB34BC4EA,SHA256=49E708D167B4B2AA50D3E007B7FE6862A282EDE84EA3512E16A4C343499E3987,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014175Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:35.248{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AFB5E84C5DE4EDE321393EDAE267F20,SHA256=C1DEFA22EA01E007240F381403A1997588A30753BEBB34F4DF08672468D8B130,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:36.813{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CDD627C0E035A21E216CB07CFA9F661,SHA256=246CFD177719BB24A94394C431F6D0D5CB85FA744C2765A935A2C0775029CF83,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014180Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:35.062{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50352-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x800000000000000014179Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:34.981{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50351-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x800000000000000014178Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:34.933{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50350-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x800000000000000014177Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:34.932{49C67628-FDEE-615B-3A00-00000000FC01}2836C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50349-false169.254.169.254instance-data.eu-central-1.compute.internal80http 23542300x800000000000000014176Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:36.484{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EB28C48E2FD1F70199024E37B3AD0D6,SHA256=1AD16101BDD62F28F6C0FCD284658E4B7AC6543C88CEBFBBB2024B0D2B911FCF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:33.691{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52057-false10.0.1.12-8000- 23542300x800000000000000030099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:37.829{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93AAF3350FF5DDE028835A69938262BC,SHA256=83BDBDB214C507AE4B926378490253C8606CF9F59588318DBD116A91A21C0A6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014181Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:37.515{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B723AEB9D7C145A4D9A787B05436944,SHA256=C253FE2A32F36F77368B06256D1DF91AAC0944FF6BEC590DF2C3172335E3D147,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:37.081{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-060MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:38.830{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DCB7984EFC59DED18D440F02C8B04B9,SHA256=0BB5AB6AB317EC04A7A1834E15E618A4F3A003C4BB4061DF92456D6915C308D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014182Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:38.530{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A60B0807542C2B09FFBA07D65CD9E1A5,SHA256=FD1BF353BD677D896C3DC4B0CAA6DD6BE21BE25202E5901BB977F0DD24A38780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:38.094{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-061MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014184Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:37.253{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50353-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014183Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:39.558{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E15B0E8EA70AE8ECC5B2ABEB90962A84,SHA256=6B24C75BC9DDA13707398F14CEFA3B89611E7A66C0BCE96BE60D534471C747F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.842{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CBB96511336B85CBD70FAA3D18A8519,SHA256=1BA29418B28EF5FCAA9FB6802D24923A455545764FAA629E849965E0489A6FE7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.733{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0AD7-615C-3606-00000000FB01}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.733{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.733{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.733{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.733{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.733{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0AD7-615C-3606-00000000FB01}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.733{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0AD7-615C-3606-00000000FB01}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.734{6EDEAD03-0AD7-615C-3606-00000000FB01}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.546{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014185Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:40.730{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2874AFA008834C0EB9DE0BDB4ABE4066,SHA256=48F4CE184C665ECFF67B87E65CF38728C12646EF1B6BFC25611023B4B65C158E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.967{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0AD8-615C-3806-00000000FB01}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.967{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.967{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.967{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.967{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.967{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0AD8-615C-3806-00000000FB01}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.967{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0AD8-615C-3806-00000000FB01}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.969{6EDEAD03-0AD8-615C-3806-00000000FB01}5076C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.843{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CBCD517B7A6FBB01B24D4E5240011E7,SHA256=1574DC7E9E79BF0B8CBF5576257AE1876B000C696B6CEFF97B329F78B2A46E98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.764{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0A6685CA9A8D8542F6A9487E5D5684D2,SHA256=DBEAE870818B487A5AE621AAC1461B5F22FEE3C76FF625D421EC543D5E35A4B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.764{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F5D8CB72E92A158B6CF787F1F6E48BF,SHA256=DF3755DF57D6D22C61CA1D9A0743DDC375C27636564AD8CA07478AE75E2A3EF9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.530{6EDEAD03-0AD8-615C-3706-00000000FB01}15526856C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.342{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0AD8-615C-3706-00000000FB01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.342{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.342{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.342{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.342{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.342{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0AD8-615C-3706-00000000FB01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.342{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0AD8-615C-3706-00000000FB01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:40.344{6EDEAD03-0AD8-615C-3706-00000000FB01}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014186Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:41.964{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAF2A3C1412D35B1787609DD6BDCC9AE,SHA256=7AC7934D9F34829FBD1727B387D88B29E7F0E8E9E6C4F772A19931D2BF705501,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:41.983{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0A6685CA9A8D8542F6A9487E5D5684D2,SHA256=DBEAE870818B487A5AE621AAC1461B5F22FEE3C76FF625D421EC543D5E35A4B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:41.858{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01F43D631A6530A6ACD4AC846F64B792,SHA256=CAE7D260CD069249DE11FE4124ECF744AE52B2FB570D1BF22944A7AE63C79E8C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:39.128{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52059-false10.0.1.12-8089- 354300x800000000000000030132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:38.846{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52058-false10.0.1.12-8000- 23542300x800000000000000014187Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:42.980{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07A7FCBBEC4DE25F0F20E2131632F696,SHA256=B12D9D6BD371177B4182BC56FEB8C7F391A129A6E2BFC2CFF6B1B78EA10FF5BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.874{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B83F7AC0AFF466E5C355EE1798B1830,SHA256=665B80589E7F702BC5BC9048A2A2AF49B48FE726104A2FD5B4517543C0FB2C3F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.530{6EDEAD03-0ADA-615C-3906-00000000FB01}34044128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.374{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0ADA-615C-3906-00000000FB01}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.374{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.374{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.374{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.374{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.374{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0ADA-615C-3906-00000000FB01}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.374{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0ADA-615C-3906-00000000FB01}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:42.374{6EDEAD03-0ADA-615C-3906-00000000FB01}3404C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.905{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4837B0A0C27AA7DB8226599DBC270675,SHA256=77B6D0B3CF2BDF30807462C1B57D3938A655AE2103469ABBFDB43388FEE8DC4E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.717{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0ADB-615C-3B06-00000000FB01}1612C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.717{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.717{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.717{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.717{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.717{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0ADB-615C-3B06-00000000FB01}1612C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.717{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0ADB-615C-3B06-00000000FB01}1612C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.718{6EDEAD03-0ADB-615C-3B06-00000000FB01}1612C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.374{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B3908F3CF2A87D04B6008C80F6D2220E,SHA256=B51BC686B7D015B5B0290794B9997D6EF44865A93653B66DFBB68FF305FFCD4D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.186{6EDEAD03-0ADB-615C-3A06-00000000FB01}14607024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.046{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0ADB-615C-3A06-00000000FB01}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.046{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.046{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.046{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.046{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.046{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0ADB-615C-3A06-00000000FB01}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.046{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0ADB-615C-3A06-00000000FB01}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:43.046{6EDEAD03-0ADB-615C-3A06-00000000FB01}1460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.905{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29C1F0F41A7919BE0A3B802BC860CF22,SHA256=8F34EC5DA1939021BEA95CBBE77DC1288307D5E6AAF4218B17310B8FCF4AF9D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014216Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.917{49C67628-0ADC-615C-5A02-00000000FC01}35601076C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000014215Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:43.234{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50354-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000014214Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0ADC-615C-5A02-00000000FC01}3560C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014213Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014212Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014211Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014210Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014209Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014208Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014207Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014206Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014205Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014204Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0ADC-615C-5A02-00000000FC01}3560C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014203Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.698{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0ADC-615C-5A02-00000000FC01}3560C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014202Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.699{49C67628-0ADC-615C-5A02-00000000FC01}3560C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014201Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0ADC-615C-5902-00000000FC01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014200Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014199Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014198Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014197Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014196Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014195Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014194Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014193Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014192Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014191Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0ADC-615C-5902-00000000FC01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014190Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.198{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0ADC-615C-5902-00000000FC01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014189Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.199{49C67628-0ADC-615C-5902-00000000FC01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014188Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:44.105{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56D87806FC8B1BBA8D7E343ECB3BFD4E,SHA256=2A94516F4F03576FCFF0AA2D056C9E0BAE9B7BE73161F2D325933859A82A2543,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.733{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=78A04D0EB67FB760BC31835632801FA7,SHA256=46FA1E8E71ACDA981EEC398DCF3BBD2D44C9BC5930E67234B57D39EAF4F04D47,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.561{6EDEAD03-0ADC-615C-3C06-00000000FB01}63685596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.389{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0ADC-615C-3C06-00000000FB01}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.389{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.389{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.389{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.389{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.389{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0ADC-615C-3C06-00000000FB01}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.389{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0ADC-615C-3C06-00000000FB01}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.390{6EDEAD03-0ADC-615C-3C06-00000000FB01}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014232Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.698{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A1BE462287DF6D9F9D037A2C6ADE2DA,SHA256=ED154E98713FEA99399995E13CBD0355384E6B3984572ABDFC2F843AA83C4C1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014231Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.323{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=51D7E9D0CBF04E2DC1600E202F535386,SHA256=40BCE36D356C891295F2DC5DDAA5E634375629AE4791FA74C50687F9743D1356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014230Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.323{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DD71A30BF1CF8CC993C8F10792563E6C,SHA256=D9E04B6AF76DDF5569105F17EDDD98AACF2FFD6C625337E702CD36B53575FB23,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014229Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0ADD-615C-5B02-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014228Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014227Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014226Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014225Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014224Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014223Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014222Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014221Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014220Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014219Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0ADD-615C-5B02-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014218Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.198{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0ADD-615C-5B02-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014217Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:45.199{49C67628-0ADD-615C-5B02-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014247Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.604{49C67628-0ADE-615C-5C02-00000000FC01}35403464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014246Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.557{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B7262E29B2C82039D5324AF1DD71756,SHA256=AC204C8D2703BFE1AE3F975E5C254796BCDF654FB4BF73A17B67A10A934EE072,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:46.124{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7254A4B9ECAAA59C668FE563BB075F4A,SHA256=9C5526A0661563E7C2C51E168A619FA3A6EC625DA1C6F1DAC8636E689968AAC0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014245Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0ADE-615C-5C02-00000000FC01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014244Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014243Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014242Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014241Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014240Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014239Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014238Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014237Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014236Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014235Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0ADE-615C-5C02-00000000FC01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014234Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0ADE-615C-5C02-00000000FC01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014233Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:46.464{49C67628-0ADE-615C-5C02-00000000FC01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014250Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:47.776{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014249Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:47.573{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B714A235C79EF23C1058219CE076A43A,SHA256=95293C78A91E707602C3A75886E783FB74B94E12B6FB6E65EC0A8C0A1B888C13,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:44.862{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52060-false10.0.1.12-8000- 23542300x800000000000000030177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:47.186{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=482EE4A44429A6D45370F47FF7E19662,SHA256=264929330E3756777896F79B7790F473EF05D9BEC839D810BD25BF6366C35F92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014248Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:47.557{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=51D7E9D0CBF04E2DC1600E202F535386,SHA256=40BCE36D356C891295F2DC5DDAA5E634375629AE4791FA74C50687F9743D1356,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014278Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AE0-615C-5E02-00000000FC01}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014277Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014276Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014275Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014274Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014273Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014272Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014271Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014270Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014269Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014268Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0AE0-615C-5E02-00000000FC01}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014267Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.917{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AE0-615C-5E02-00000000FC01}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014266Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.918{49C67628-0AE0-615C-5E02-00000000FC01}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014265Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.807{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC588051B0271626DE21C7C4385809CC,SHA256=F01615615C52957ED9767A2D9335F536213FE4D191164F0BF8F0F1DE1B5FD24F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:48.186{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D1C92325716FB34436EF78845911444,SHA256=BA7027F5CB439889D02C58CBD3E796F7759CBFF51F3373848B7F6CBC273E21B5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014264Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.448{49C67628-0AE0-615C-5D02-00000000FC01}31081432C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014263Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AE0-615C-5D02-00000000FC01}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014262Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014261Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014260Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014259Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014258Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014257Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014256Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014255Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014254Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014253Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0AE0-615C-5D02-00000000FC01}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014252Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.245{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AE0-615C-5D02-00000000FC01}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014251Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.246{49C67628-0AE0-615C-5D02-00000000FC01}3108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014294Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0AE1-615C-5F02-00000000FC01}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014293Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014292Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014291Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014290Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014289Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014288Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014287Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014286Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014285Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014284Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0AE1-615C-5F02-00000000FC01}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014283Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0AE1-615C-5F02-00000000FC01}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014282Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.589{49C67628-0AE1-615C-5F02-00000000FC01}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014281Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.292{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B81A9C8279610CF99E8E68A72A09A36E,SHA256=C89AEA1E8EDF50C5911D8E104B927179F4938FC8CA516BF424CB68E1FC41B1EE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014280Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:47.811{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50355-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x800000000000000014279Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:49.089{49C67628-0AE0-615C-5E02-00000000FC01}16921756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:49.202{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=475D87F3E876340BE36E6CC2D516FFE9,SHA256=DAADB86941CC2E9C569149AE9569DF5F961D1A844880E25EBE4BEC3545C7DB22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014297Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:50.604{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DFEF8F72EC15FF66558D027E8EDBFE0B,SHA256=53481353E71F0243E9E77142269941B45CBB437BF799A1BE9F77A4066D5D03B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014296Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:50.479{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AB02E60F03D4E22430DAAE07DB65644,SHA256=BC97E24CD6BD9B3601C245F89CF5017CBB9B3F52716193A9056FF5182578D115,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014295Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:48.296{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50356-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:50.655{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=8302DC9BA9130708D285EC8F08D4BF8C,SHA256=EFDD95564A1BEB75309A4D0E3974AD8A8834A0E8EC92CB52E68D273E7FFF31F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:50.217{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51BE515122A20A4382949AB6D6DB959E,SHA256=43BD38593E20A88BF4D1B13DA1672180DECA0415FAEC292838FF41492A448B7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014298Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:51.245{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71E3F96EA70387B1CFE85ACADA781683,SHA256=961DB4333C774E4450C04DB0DC28B5E93DD732EF5A7192BF4B1BC9032AB5DADF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:51.249{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D22A52973B64CA93AE3B0BF8F9B27F1D,SHA256=B2FA556833C8778AC0348F9E57F100B3C2FFB828485983E579621386DCCAB1AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:52.342{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5046EAA0711C632CF9E89C47A3D29191,SHA256=0FF991BE095F3B435E95E59C669EB1F158BE57F2C96591B29D190EC603578900,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014299Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:52.416{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA857229F8F1FEB44FEC19035F4B7AD4,SHA256=36C79CB0725A474462A27DB11959D1EAE19D408296259597E964ED80221F95E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:52.186{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=5AE0F4D9A0813751BD342CFE6D138CB3,SHA256=13AEFAE4B42AA1DEE8092DE722016207DAB146EEEDB0335CAB72FA61DFB97320,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:52.186{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=9F223D05EC2367FE42C52435C62C0484,SHA256=EAC4168B858C01D07C819E74EEFE67A6F513260D60D3ABE0A3E5EEE571EFCA82,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:50.815{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52061-false10.0.1.12-8000- 23542300x800000000000000030187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:53.452{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FDBB5CE6CEC152BF7E360480D9E5554,SHA256=CB48A303912DCD85CE9A5655E081A851C37A1902AF9E6BA06D0E200E53D2374A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014300Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:53.510{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B81DD9666685F00C76F7443CEFEA602,SHA256=436B529555C5AFC6145C2474F88F3EFEC96FEC928F39E7347C0B7C1577B5C2F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:54.514{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEE7297D8B649AD724140806A7899022,SHA256=AF9A1E3C50AA002FF1B43AA9D745643018EAAC3428820E8C362835047D257790,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014301Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:54.541{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44372783CEB2AE32EE599F88364978ED,SHA256=C83FCDC7E32C25DE4B40CE3E8EEE7E1513EA22D606015E39ACAD22CC0C52695A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014304Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:55.763{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-053MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014303Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:55.697{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46E3587AE4E86E5F6F8A8DC7EB06C3F1,SHA256=F790F14A4E8343D05DE4B5E3CFCC6DCB7A391E0916AA93FEB5F29D9CD890A634,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:55.592{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=258259ABC97E06633D25C8F98F388188,SHA256=98435861DE7F071332C20E6479BB64018041BB1357F7A8E374168C2CB91F89DF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014302Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:54.061{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50357-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014306Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:56.915{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=964206712904258322E4CB1BC4AB3CED,SHA256=135492479400E92FD27A5A8A21A72B4465C4E1D1619429F2173F8A42A5AE95B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:56.592{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C360C8648952070C2C0D35AD96720586,SHA256=A5E3FE3B862BD3286516A257DE963D213D1DC819CAC941CD3F58AAE32C981D70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014305Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:56.763{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-054MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:57.827{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F11DBD7CFB7108D4DB2E515F3E5ECEC,SHA256=3E324A7565B9A6F72D5004AD19945B3D535FC83544409FE287F15A9EC8831A1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:58.827{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4713495680ADE8157521601D7AEC27A,SHA256=22953161167AF10B69C24326776FF7DF417C48AEA1E80119674DA727D93915CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014307Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:58.136{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AC43EC895A8EC3F404AF18398643524,SHA256=0583671914E56BFCBEA53E38169FEBE93279687CE5458FB156426B18E5E55452,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:56.659{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52062-false10.0.1.12-8000- 23542300x800000000000000030195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:20:59.887{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C755A9A4EA87597281F55E983AA866D,SHA256=DD667889F0FC1F54712A9C37B392C3D95DB52D334746CAB01E98031783600FD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014308Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:59.321{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47C30617747B98C9A2FFA399D3E05BC1,SHA256=2B3EAA01B7DEDE03156E7B171C06EAA059AEB36D4BF76661418BC3A33A3A7FE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:00.965{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CABAE850BA9FAE5D10D9FCF364817D00,SHA256=320ED2B76F026865A582A627DFB30C8F1B133A8D2C8A47B55F3CD77D9BD52498,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014310Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:20:59.310{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50358-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014309Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:00.321{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6F311FDE8B66C4FA87B021D55BBCA82,SHA256=A53BA0E60B1D68F326DC4E1ADF2F4CDF5FA61FC4D18EE820F82EE76D6EF623D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014311Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:01.337{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71BEA9098DE7BCEBFDC79708D516C6DD,SHA256=3D126F79D8483C56368F561085AD2D6F6BAF0BE63D13C83B6477D90524F5AD65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014312Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:02.352{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E624470D3700B69F4D27969B35735E38,SHA256=14BC1792D5DEE868CEB101D6C61204702A4DC4BB79085DB1FC659F99EFF706A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:02.012{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C562CEAF328A5336932C71ECD88E33A,SHA256=D1A5A6A031A3724BE3E86E2209BA0F64AA44848EDA6A4B7F5050365C6AB0E07E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:03.074{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A119C71D0F164205D0C9CF03E970D3DC,SHA256=5B17510B001D74234B907739FD8A7A9BA8CB350D51209D7D41ACCEE47DF2DA7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014313Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:03.368{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DD1854A83C4F681812C01281925CBAF,SHA256=37A5CD47CD3DDF60B61E16FEFF3DDC325A41E4C0045E34545F3ED9816A800EC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014314Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:04.383{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DBBFD5692CE1699E92069391D8B830A,SHA256=7780A72AB72F0F55A334ECB9081339A20BD3EED38EA9D1B077CDA30952272747,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:02.672{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52063-false10.0.1.12-8000- 23542300x800000000000000030199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:04.184{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3195C6348C5B73ED680239E5BD222A7,SHA256=E1A4D6EE0B87F0B9641238466877EC89FB03A306A874E66BA5D6A12A04D3D220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:05.399{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AEF617F97A69F9A35A008DF57434F689,SHA256=DF831349DBD15BFBB3C0F8D845C6C1BAA3C4709DDE097D165EC0597A3C714818,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:05.199{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87EBF315DB08F8A6E741B4C3E999EBDA,SHA256=02FCDBAC139F0B2BB641C24396432C10A4B78FBFBAE2A8F585CED2FE5C5A5A37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:06.414{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA9A0925A0D06195B6207DC7B912FDC5,SHA256=61BC23A0AA4AB27D99AFABB523611FFAA48B25FAF87EBC46AFCFDBA758636F1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:06.199{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B406513FAE7422A0F6C3175559C767E1,SHA256=67AAA4A7503966BEEC3C6DB3DE8430565C241AD509F260320AC5A1A47CCD2F98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:07.430{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57F5324D4C90F23490ED06139A9BDB79,SHA256=F0F438F6E17D1385CB3750749AEB0903C5952DE92D025C7BBD4A3076205CDB03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:07.199{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC0D5D481BBF5F5F33F3F78F1E939759,SHA256=2F781F0478F59094C125EB8F1DC36BD49F7DD2A07FC268BE868DB6DB38D0D2EE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:05.309{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50359-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:08.649{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F309D37DBA880DD9BEEF0F1EF77D830F,SHA256=8F52524175AE60EE8349B4064C0AE00206A6C78AA29F610F0FBBD9D320359FD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:08.215{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F54E9AE3BB8E0D3D81910B833B6850C,SHA256=1ACFD0D33E3FB5FB4B473F26DF15DB7B8A137DAE69ED9ABEDD3B798F9BD93BAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:09.883{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=808958331D2F2F7B2576100EEEC152CE,SHA256=F0E0409CFE8C5B61F70597165F39391294195DC0F06A7F32A39B7943C94A1D59,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:07.844{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52064-false10.0.1.12-8000- 23542300x800000000000000030205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:09.230{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAC5E88252044462337B76E1A0067ACB,SHA256=9C16C7D0CF6320AFAB3899B225211E1C9C8B49A1435B9F4FF4059009F63448EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:10.977{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E131885E669B76117293FE6F6D05E043,SHA256=27BB510DD8A8F56ABB9B127B624CE67F3A451F57735CB1BEB2258183AE578AEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:10.246{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FB87F8031812DFB9BD22FF392A313DE,SHA256=D1A78BDEEBC90AB0F7F2F4932ECEEE1E34B7A3D4A5380DCE3CC844C95F2D5CDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:11.480{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F17DA4FFCB989086D757FBA276244732,SHA256=4352945A3EA3659425DB20C457DEDD1704946BD8835163C0AF56CE48A6C55A2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:12.543{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2615C73960DB9B55E85380B349BD9538,SHA256=7BA97D31EDA4E63AA4D0A16DDDBAA71C3FC236C60BF143ED8B7410B2B17A4ECE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:12.195{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A43542017D35527E8CAF6A4C6AB5917,SHA256=6603E5E07B7BC0E5CFD234F70A96069E3F239EE1A0B38E502A4835031A1D0E96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.949{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=236B363703B560E53409441ED1BE5E9A,SHA256=F038FC4FD48853430A5F2CE7B94978CDC205A159BF8AF02A7CEBA3B7274E0159,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:11.106{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50360-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:13.398{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD35B18457D2BBCACC1590700C55FFCD,SHA256=93E2AA6A644B5739AFEC6112F41EB335F82C9C34B16F43061BD77BE49A195A8E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.121{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:14.996{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC78652407E382DD53520F99AC71E19A,SHA256=3473D15149A36B5047D7FD5ECC6F26EEFC9D3FBA404ADFE6216C86678BFE0A06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:14.539{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E37707348DDBCA2652C340509DBC065,SHA256=0312E9CA0B8C7DD07C744AE178A7216D73CEFD72B3453C615175BD465B08F442,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:15.996{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1B5618EC797F7928F9D0D3C2F3CBD35,SHA256=6992109C2A1B33651A69D617BD67A680C4D470A0AAB196AECCD9DA7FD8C4E623,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:15.695{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=439051383579491928A1FE30C91FFAA0,SHA256=6FFCF0F60D9162C8A45C524EAF9526BA003E46F037124B4C8AC9E43002FC6DCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014327Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:16.851{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3667696A3626542F93782594E2DD3E9,SHA256=EE02CBC017AF24D637AD6E1CA17023D5261FF7B31F42E5CE423B657CE612DDDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014328Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:17.960{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5453CC427D5717F1AEEB8D0F6948D009,SHA256=6FEEF7140DDEF525A0208D3E5CD7AB74D81BE34BC27E37EA8FFBD7CD1AA2BC1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:17.684{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=843A85F9AAA1B9F29D58BCD196167A56,SHA256=889506867CE0C72AA8D31048B5F25C00F7BE567BE6C49D856975EE3484CA350E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:17.684{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1535E9DF70AA74E7A18807C2388A617,SHA256=2FD9216CE5D26192D7485BCB709D334FE8E93C2ECE5A74DAC0FF72664F02E2CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:13.719{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52065-false10.0.1.12-8000- 23542300x800000000000000030246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:17.012{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=793F307A95C50BA6B34903FC80F612FE,SHA256=88AC7E9EBC1F57A50A92990EE4D1B3F01E7E72D0D44E4C498D77319B112F11F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014330Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:18.976{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F307D34FDA52E9697464C252CD16CB9E,SHA256=75AD3748429DFC31F1886110E479D3371117DA419378DF8F08CBCDD743C6C74B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014329Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:16.230{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50361-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:18.074{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=896D74D74C90282D863030587D6C4FC7,SHA256=9987E44F8336CEB14A42F50F1A07B7639C1D12C0982B2AC1614B05FE77229D7F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:16.235{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52066-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000030250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:16.235{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52066-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000030253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:19.185{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=130349EF96BC6ABC38FEF36EA06B8111,SHA256=FB922F7112286A4FD9F448C74CDBC0C3DD4C785C0703DE9451D9AD091ABE1091,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014331Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:20.213{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B05F9576A06F2AA7AEF8D7370D4820DB,SHA256=6BB53492DA16408E992B545707E0CBA70DE44F50FF74ED01E0A7E50D5270EA3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:20.185{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=909A232A96AC11C06C2B8244B16CB07D,SHA256=43392F639A1DC5799207F9505B611D55CC13C9A5CA7E6406AA8D1DF42B124E60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014332Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:21.369{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C53FE92E618C8981742F4BA84FC68A1,SHA256=7F289032AA63AAB0D9982A6AD8EF440AC39E1298BFC8DD4BF0935D5CC6EB624F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:19.658{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52067-false10.0.1.12-8000- 23542300x800000000000000030255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:21.201{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD7F3323FBA6C7A9F2E63E55B66043EF,SHA256=76573C4F78912B83D1399EB003D72BFE1E6F6CAA88CE202AABD4713BE2BBEA46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:22.510{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BDD25005CDED7A8F4D60E8457028E41,SHA256=F8217B4D83DE9ECB93B593B4987B9A2BDF972000CFB6C53C313E9CF2ADE1ACF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:22.201{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DFDBC89485584836D855D6ACACEBDA7,SHA256=B3C68EDE587EF62A327C0E9E3440699C641084462FBF57647C48B38298A10FFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:23.557{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51B7ACFFFD26165D1085A89B2C9F0F19,SHA256=DA470425229354078B277E7E397D866D363D7737C759BF1C74CBF2653995B5E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:23.216{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D21EA41418D10BB10FEE5B88AB604001,SHA256=8A21C827105531D8C6F2358E8566C3C730FC4DB6FCBC46B4EE3E3021EF71219E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014336Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:24.775{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD36A56CF3FC5A5F3A55C77ECE8381EB,SHA256=24599DEB8FA6FA8FA5CC766EF53930E0D71A4E1DB15C532C6B09918A73488912,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:24.232{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3359CA4EEE058D5E5B51FE046E9795A,SHA256=8FBBAF207D0CEB9B1F6EE97A7D319D95397AF8D97F0AA191A89C70E88A68CFA7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014335Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:22.202{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50362-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014337Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:25.932{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77809BE04AF3120CD784054D735455AA,SHA256=5C15B2E32EE4862D8C442C4AA5248A684CA51C3246FA57E50219EB80B15E1F83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:25.247{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8533D87837A9CF4B239EA2EC9771C378,SHA256=A1A230B37F3FFCD1C6B4EA8473BE707BCBCAE90E479DDE45C32ECEBD7DC95207,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014338Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:26.978{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E79CB396ABBB3ACA45950F9C1BD41F14,SHA256=979BF82CBDCC4CF8A18D13E179C6BD30121DF0C98D462E222C6616D00336FADA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:26.247{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=705108676F6CA6D7C59A14288C4E8350,SHA256=B9B7BD0E5E514DCCAE5B5B2F7E4C487E43DAFC568CBF4F1AE0245391E636CE88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:27.247{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=046689CE75DFF05184391959DF3F6531,SHA256=BF70D5C090CBADB4F6783E294FB5FF88B39513522C757ED0F34B29115595D576,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:24.673{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52068-false10.0.1.12-8000- 23542300x800000000000000030264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:28.263{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=257A9399CDF83B236934FB1AF8293D7E,SHA256=8B2EA940C2B163AC062F4B0704BF1E6AC02CD688D3297588C75E1DCE28607E43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014339Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:28.213{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=261BF597DD1850A163D01B2DAE77A33C,SHA256=F0D2D28B795C9FD2515CDC897371F54A24C002ADAA2004C7685CEEEB0FC2866B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:29.279{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=241FB5F8145EC0E9163D5F2F0F00766D,SHA256=3B51973E1839B7A75C4E34964F1C574440D42C34C210CE0171BB2346F4989B68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014341Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:29.353{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9399C8050F80EF374B5EC1330B15737,SHA256=E1F8275E8D77A08CDFB6760F60D24BAF0E5295EE9000C6828B72AEB775C3A9AC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014340Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:27.217{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50363-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014342Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:30.541{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52B79BA586F4CB0D4103B0B288EA5C84,SHA256=A384B511DD127AEA813C355F3953CCD8F6944C2439202DABDC499E19E6B1E569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:30.294{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C310ADF262E3F07C43483A9CC597E6D6,SHA256=D039E9E88B9B9F7027D7E7CDC0ADF807315B6C59A3EB8BCB0446B6DFD989285F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014343Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:31.634{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18F2D70E4B1ECCCE2EE37F194F928803,SHA256=2954C80665242508374545DB4ED38D3A7C3DF099BFD50E1DCAC3F104B3E597F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:31.294{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01EE6A2443EFC87E27AC1B934950A5DE,SHA256=411851C16D131F89720EA11B4BF24818A0BFE25EBAE6FC437F1AC427875642B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014345Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:32.790{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58A21A627ECA9264B18B260B81A0932A,SHA256=1A73B4DC96402BE3EF3EC02698C39D38A85EEB1D770D4F3F4566CA58F8D3E5A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:32.310{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E58E7AD0C436E1C7737C416F68CB8DF1,SHA256=E3D2D4ADB5246F4772D8332DAD62A38A6A16C0ECE6BC8CF619B019232A052A20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014344Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:32.462{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=2FF17867814551A590C87740E5C0DFF3,SHA256=5AAB66C3FA6DF77C8D9B18EBE728434C7C3F665932AC4AC62CD49AA2FB0A601A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014346Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:33.822{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBB3FE015DEB7BE0FB51E86D5E42753A,SHA256=D08E2353C43DF4D2774231F560F11019E11E6988E719679303BF6ECA61BC8B8E,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000030271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:33.779{6EDEAD03-FC1D-615B-1100-00000000FB01}480C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b9c2-0x01ec8ab4) 354300x800000000000000030270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:30.658{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52069-false10.0.1.12-8000- 23542300x800000000000000030269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:33.325{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8A4DA1A0ACC781947144AF63D1BFF4E,SHA256=DA64E172F6378E447BCB4D9EB5B4CD42F7DD751C9EEE47C14024B7C0AB17F061,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:34.837{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1013ABDF400C0AB732CCA04145169EE,SHA256=E753C0A8E879DC061E504F87D831D500F40F3DE90FD32E915E4AB22B1266D0AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:34.325{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=064454BF103D61A928113BE51B36F20A,SHA256=8CA06E3A42BE6938930D710C4671AC045B75CF6E0D94AA14E603C16F7E7EA642,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014347Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:32.295{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50364-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:35.853{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C144CCAC200463399F0E3D61592E4403,SHA256=050235C47E8079269574FBCE09EA8659B080BEFFBC342E0E65BAC227FB9A477B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:35.341{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0BE9A8AB8B23CCFC3FD73FB8E146A91,SHA256=4FD98852B96F9700AAE523CC0A684A36CEBED32C88D5B30FBE6254340A5B2C59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:36.868{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C27D03EC3E12F300CE0CF31B0F8F7FCC,SHA256=AC0D0CD36BF994482E2C1104840F4143BC5F92D88C38471245CA62C49E28B5B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:36.341{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF940867F422C94378564472B4E76A28,SHA256=A9C76584ABED1F5D63A6E036FBB1E259D5AE562B021E8B62974398CB99D1E001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:37.884{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=414E952FD3C1894651B9E2F876B1BCB1,SHA256=18C02D9569C1D898305EEADFB3433A3A47AFCB998653BD61502645F8849ED873,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:37.341{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC1992F1719A8EB5DFAF6E8E59CBD272,SHA256=E944DAA1DD2AA8F6E10A6CF8FD8FE2A905A93D31E00079702909B9A1A2E3DEC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:38.899{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61177420BBA62DB461D46A4C71344578,SHA256=2163A6CDA897BBEB1A31EF8CD175593544707C83B49AA4C2E52C903C2DABB3DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:38.628{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-061MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:35.767{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52070-false10.0.1.12-8000- 23542300x800000000000000030276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:38.342{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAC26FD3A6DAEE23D293866310F24E4A,SHA256=7BE56E03F7517C8F71C5E4C477656A78EFDAA12E428D63C7514E457B6591B6B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:39.900{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=119ECF83649AB8B157AB269393FD419D,SHA256=6D07ADE6DD24D9578F01C8AF780C7210C26C5E1EA60FE115F1365D98DB230C12,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.743{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B13-615C-3D06-00000000FB01}6888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.743{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.743{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.743{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.743{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.743{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B13-615C-3D06-00000000FB01}6888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.743{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B13-615C-3D06-00000000FB01}6888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.744{6EDEAD03-0B13-615C-3D06-00000000FB01}6888C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.637{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-062MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.573{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.354{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F173B60AB1343F7A51128C9F4F32C1BB,SHA256=6055EE4232E448DA63CA06EB2D6EE7B46EB3BA924CC73C8AA6E50D2E3B3D0829,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:38.138{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50365-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:40.978{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AB56D599EDB4D21BB8CCC9EC0D2B5C1,SHA256=DA106119F8223E78155CABCADF6240D6BA0A570B2441D1383311AE7C63999645,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.887{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B14-615C-3F06-00000000FB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.887{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.887{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.887{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.887{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.887{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B14-615C-3F06-00000000FB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.887{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B14-615C-3F06-00000000FB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.888{6EDEAD03-0B14-615C-3F06-00000000FB01}5128C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.746{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8BA47D60DE4267EDADC55D107A736117,SHA256=C8CF2FDD2AEF02DA4BD58511D829BC1BFD7D97690D26C8C01F8038B67DC88157,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.746{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=843A85F9AAA1B9F29D58BCD196167A56,SHA256=889506867CE0C72AA8D31048B5F25C00F7BE567BE6C49D856975EE3484CA350E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.528{6EDEAD03-0B14-615C-3E06-00000000FB01}44525696C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.356{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9AB57095F996CD53852B4B3323816AB,SHA256=624F607C62EF8D216BFC32CDA94EC85D541274A36292D10039B9A25F1D41DFE6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.340{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B14-615C-3E06-00000000FB01}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.340{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.340{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.340{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.340{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.340{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B14-615C-3E06-00000000FB01}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.340{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B14-615C-3E06-00000000FB01}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.341{6EDEAD03-0B14-615C-3E06-00000000FB01}4452C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000030311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:39.155{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52071-false10.0.1.12-8089- 23542300x800000000000000030310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:41.356{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B203EEA3F2D78B3C653A8D9B281F257A,SHA256=A9CFBC6A7F473C88EF994B6085942BBFDFCBB4A2FAFF77834487C396A7FC68BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:42.212{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66E8C90F7E6D00421D66E373984E583B,SHA256=515B7B0CCBA26B0CA816F4F2E98AC21DF74A502473ECEF3A685EE9B51FB42A76,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.528{6EDEAD03-0B16-615C-4006-00000000FB01}46765344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.371{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8034A6D2A30E2537D6155D64EF5A7351,SHA256=CE28414C53EAD649BC7137B4783713F6C3F579726DB5203F54B13222856F61BE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.371{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B16-615C-4006-00000000FB01}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.371{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.371{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.371{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.371{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.371{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0B16-615C-4006-00000000FB01}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.371{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B16-615C-4006-00000000FB01}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.372{6EDEAD03-0B16-615C-4006-00000000FB01}4676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:42.121{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8BA47D60DE4267EDADC55D107A736117,SHA256=C8CF2FDD2AEF02DA4BD58511D829BC1BFD7D97690D26C8C01F8038B67DC88157,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:43.446{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DD44D3896C626A5598189CD46920B8B,SHA256=1AB92429ED1E31FEA7F55667A19A078751765531FE72C79F961EDF4E09988514,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.590{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B17-615C-4206-00000000FB01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.590{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.590{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.590{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.590{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.590{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0B17-615C-4206-00000000FB01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.590{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B17-615C-4206-00000000FB01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.591{6EDEAD03-0B17-615C-4206-00000000FB01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000030334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:40.829{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52072-false10.0.1.12-8000- 23542300x800000000000000030333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.387{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A09227B031609FECF5BF4620DFAB6F7,SHA256=D0E8B2D06793A3C5C10F655AEDCCEE36C6E8AD68420BD93AB602AE69CEF8B338,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.387{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2BD6CA1EEDFF23E056A07A6E1B9F9A09,SHA256=AFFD18324353A31D5E24DA5DC6BA89F0D5BBBB551C9DAA1F99E7BB45AF1C27A2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.231{6EDEAD03-0B17-615C-4106-00000000FB01}38364296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.043{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B17-615C-4106-00000000FB01}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.043{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.043{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.043{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.043{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0B17-615C-4106-00000000FB01}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.043{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.043{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B17-615C-4106-00000000FB01}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:43.044{6EDEAD03-0B17-615C-4106-00000000FB01}3836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.868{49C67628-0B18-615C-6102-00000000FC01}5203188C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B18-615C-6102-00000000FC01}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0B18-615C-6102-00000000FC01}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.696{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B18-615C-6102-00000000FC01}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.697{49C67628-0B18-615C-6102-00000000FC01}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.681{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A1C0C6D02CAAC5D9B72DA16779D299C,SHA256=192ADBA5EB508AD3C5A28F7A190BEE44A2B5A68AF3EF9A03E5880EE73DB7DDC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.606{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A4294425C111CFFC2AC7874C41229BF2,SHA256=977CB932757D6934A1E1E2F31CDFB2F3CFCCAA509B06E1EE0FD5D5CCEC6F1272,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.418{6EDEAD03-0B18-615C-4306-00000000FB01}46723596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.403{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D017846D6FC0E10A80A4BE1E1163B1D6,SHA256=6C5B5859DF7063022F452944D8F0F86411591C206C9FB36AEA6D4A91AD90472E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B18-615C-6002-00000000FC01}3428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014369Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014368Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014367Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014366Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014365Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014364Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014363Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014362Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014361Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014360Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0B18-615C-6002-00000000FC01}3428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014359Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.196{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B18-615C-6002-00000000FC01}3428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014358Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:44.197{49C67628-0B18-615C-6002-00000000FC01}3428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000030350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.262{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B18-615C-4306-00000000FB01}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.262{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.262{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.262{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.262{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.262{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B18-615C-4306-00000000FB01}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.262{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B18-615C-4306-00000000FB01}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:44.263{6EDEAD03-0B18-615C-4306-00000000FB01}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:45.449{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48E119E84A3AF1E735B1917C88BB1871,SHA256=020F3D81EAADE730F11EB75EDAFE725B193C5D56096103FFD0FB76F9EDD7410B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014401Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:43.279{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50366-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000014400Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B19-615C-6202-00000000FC01}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B19-615C-6202-00000000FC01}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.274{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B19-615C-6202-00000000FC01}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.275{49C67628-0B19-615C-6202-00000000FC01}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.243{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0797045B85AFE8D1FF6AED8DF3EDF2DD,SHA256=65A13656E452D959A444F88547F3AA42D87FBC9BA9694C4B9C93FEF753C93694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:45.243{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1AE1D87319D9EADFB61361492108140E,SHA256=D1251B8C304E144130C16870AC4BE9DA3FF75401BA46B8D37E6342996753B38C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.665{49C67628-0B1A-615C-6302-00000000FC01}28563552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B1A-615C-6302-00000000FC01}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:46.449{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=618BA89D4CC8359798ADC3CD1A7B5492,SHA256=0F9D977B7558D8B65E1F5336BF0E12DC0A9A1226074AD0380254B7CBDC6BD18F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0B1A-615C-6302-00000000FC01}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B1A-615C-6302-00000000FC01}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.417{49C67628-0B1A-615C-6302-00000000FC01}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08AADF5C76FBA6EC288CC2468E032C89,SHA256=872884DA0D788B351FFFC3A379F09A2DA7128E0E94612FD7B948AED063BDDC47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014402Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:46.415{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0797045B85AFE8D1FF6AED8DF3EDF2DD,SHA256=65A13656E452D959A444F88547F3AA42D87FBC9BA9694C4B9C93FEF753C93694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.637{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86AE67308E9A1DF15A6C382ADD563C39,SHA256=7900C76E7B6B8A246E8F35A2FC0E430DECBFDBC15671C4C4208CC29323E56593,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:47.805{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:47.634{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=621DC9FC66C59FD455E9DABEE06D49BE,SHA256=CD87A1B69360EE5490288754BC7440C675363EC1D3A4BD12A4624A791EB9B558,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000030365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 23542300x800000000000000014418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:47.430{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=94B1E18BFB7D43C093289F0F39D14809,SHA256=95BB3CDC1F5C71A113CFEF7618B081B229E153920CBCA8302FD07BA7B7ABBAF2,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000030364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003aa761) 13241300x800000000000000030363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b9-0xa81570d7) 13241300x800000000000000030362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9c2-0x09d9d8d7) 13241300x800000000000000030361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9ca-0x6b9e40d7) 13241300x800000000000000030360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000030359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003aa761) 13241300x800000000000000030358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b9-0xa81570d7) 13241300x800000000000000030357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9c2-0x09d9d8d7) 13241300x800000000000000030356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:21:47.621{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9ca-0x6b9e40d7) 10341000x800000000000000014448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B1C-615C-6502-00000000FC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0B1C-615C-6502-00000000FC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.805{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B1C-615C-6502-00000000FC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.807{49C67628-0B1C-615C-6502-00000000FC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.680{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B7FDF4A9CB8A0D50AC466A8CBDB4B7A,SHA256=966C376ECA1DF7BB4D394CDA64EC7A8827081DC20E77583AEA70D84FEF0A4F62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:48.653{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E454B71A30847E6A65F56A7779AF5EE,SHA256=67FE54E62D73C5FABB2F6C1E0F7ECC85937E4B76F70C42AE7337B0D20625669D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.430{49C67628-0B1C-615C-6402-00000000FC01}39243432C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B1C-615C-6402-00000000FC01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014431Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014430Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014429Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014428Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014427Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000030368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:46.782{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52073-false10.0.1.12-8000- 10341000x800000000000000030367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:48.449{6EDEAD03-FC1B-615B-0B00-00000000FB01}636692C:\Windows\system32\lsass.exe{6EDEAD03-FC18-615B-0100-00000000FB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000014426Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014425Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014424Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B1C-615C-6402-00000000FC01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B1C-615C-6402-00000000FC01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:48.243{49C67628-0B1C-615C-6402-00000000FC01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:49.668{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC3E7097D72DA3F849B0D30837CE5AA8,SHA256=81EDA6729B953BEB7CE729143DB75B6047C758F4581BB533E7D49D0EEA7E6BD1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:47.841{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50367-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000014463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.321{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=164A764067E833F4354A6ADBFFACEF97,SHA256=5C67597E44AC380BDB0FF5ABCBEA7EAA51BE8F20D1479242163D04B137917528,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B1D-615C-6602-00000000FC01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0B1D-615C-6602-00000000FC01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.305{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B1D-615C-6602-00000000FC01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.306{49C67628-0B1D-615C-6602-00000000FC01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.118{49C67628-0B1C-615C-6502-00000000FC01}19681808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000030384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:48.055{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52080-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x800000000000000030383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:48.055{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52080-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x800000000000000030382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:48.052{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52079-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x800000000000000030381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:48.052{6EDEAD03-FC1D-615B-1300-00000000FB01}1032C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52079-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x800000000000000030380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:48.051{6EDEAD03-FC1D-615B-0D00-00000000FB01}908C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52078-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x800000000000000030379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:48.051{6EDEAD03-FC1D-615B-1300-00000000FB01}1032C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52078-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x800000000000000030378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:49.465{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=29B9638F00EBAB6DC084EAE75E71D399,SHA256=C56D91B5E89A41ED846207CDF18C70C8D169CF662C57F722AF7D723813CDDAF4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.953{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local52077-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x800000000000000030376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.953{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52077-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x800000000000000030375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.942{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52076-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000030374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.942{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52076-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000030373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.941{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52075-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x800000000000000030372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.941{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52075-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x800000000000000030371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.940{6EDEAD03-FC1D-615B-0D00-00000000FB01}908C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52074-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x800000000000000030370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:47.940{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52074-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x800000000000000030387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:50.668{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D93F04B9FE5081E60E68E92A3F0384A,SHA256=A1247A425129F011528ABE0384DF53FE6D6FB3BE56809ABE7B7A579A4CA21735,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:50.668{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C97382022572463F7D2602AEABC6CD34,SHA256=3B4B58A9CA75E66A02BC0B40481A0B74F0E0F0C8C70EA63229B457F650DE37DB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:49.263{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50368-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:50.055{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70D618C43B0A86BFC74297BC07115F4D,SHA256=95FEDE64BB2C09A5D293F38E6FF1A171C75C4B1C594BBCE0066252EA4A2DD730,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:51.684{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C516675C3CCDD819ED83C88A71777D1,SHA256=D8260A7A5D0530B203060BBB7023887006D573B0751F1AB04AA1C1CB9F0E830D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:51.071{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71AD80E07A78D261A7F34D4E97E94819,SHA256=75E1E852847689357A928F8205270F101E5396446F6F1846E561BAFC60366894,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:52.684{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AF60BCB10FCE882345988871A7DB6D9,SHA256=FB119BD3FA2EB851B7F49D791729A0E06C6C8D451A6263CEDE3398A21DE62AC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:52.149{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A4C1EE6790DB2210E3EA85D24CDD894,SHA256=336145B405F6AD008454128DDF24E5E525E8EE1BE8A4639BC61613FF4B21632F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:53.731{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8006E910930A28E02F258A4D42BDD550,SHA256=8DA483999A1CEDBCE7B294F8056F1A52FDB7599EAD6ACE0493AAD640CE81F689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:53.383{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12A3FD5F3B4FDBFC2FB99A6730A6EDBF,SHA256=4A6FE7B9D0ADA63673F1485D83EA7B436543BCFD61A9BF80736FB4A19F189CAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:54.746{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43068C1A4E9B477CD755DA06163C3713,SHA256=A20FB97CB84330E21F5D5128E5B1CAC1AD3C545C558553004035C3E5F0EB2F7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:54.493{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8073B8E7F0DE7A78C25ACA5100092F57,SHA256=3B37A5EA6D20B127647BEC91134AD93C11A30FDE2E7B6E5D580E0BDF4A9F9BD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:55.778{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=299502AE861CB215BC07A680CED9BBA7,SHA256=B4E7EE388AC7B439FB02C5F8CDAC02072122F1C8786B21AA5A6C055C9016BD2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:55.617{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED335AC622D326B29B3AA32AE5638681,SHA256=9DB5213C5A681252C6C3579EFFBD9F81C3E4F1CB9F5F588AD448A72733C7307F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:56.793{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3291B0A700BA843F8BC3A13E9D5237A,SHA256=5A1C2A599F26A0D458613706718D641EB7FF38257FA2E7F24D46EE861917578D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:55.060{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50369-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:56.775{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC585DFCD73BFE74D2973399B42274DC,SHA256=D2AACB5FB1D8293C6D59EFE6E3709C8DB6DED01671624720C4AD8764E5E12DD0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:52.688{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52081-false10.0.1.12-8000- 23542300x800000000000000030395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:57.793{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AC1616100F6FB7047A7056C3774D80E,SHA256=4CFA767BF93CEF662E033CC553C10B022FB994DA69D7410BDA0B20C3D59DCFC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:57.936{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC5A6B0A33766581662A300E6E8150F1,SHA256=BE24FCFFBFDD01895FBB5BF6AFF5FFB416D8CEE7AB4F46CAB9C73C4E3EBF1FC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:57.294{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-054MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:58.809{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=184866C43AFB347A8049C39A2B9B568A,SHA256=D4D2572BF23F51B0A128FC85FE78A82CCA1205B65BB719099E7C50B1A8F81D1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:58.984{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=174A8E811468744260F2FD299C060B5B,SHA256=BF02BEBA68E41C34B1FFFE48B3B431ED0C94F64FAD7C5FDE6D414322820A8F15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:21:58.296{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-055MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:59.821{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E8844E1C59BDE6E6FA1F2554236E1F5,SHA256=3973FD885C169099D309414983557EFAD2CC9C804D2B0C54FF50CC8BB74725EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:00.836{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9459F8A3484EBD23CC05ED93CDE0B1C4,SHA256=75C429D0DF245A63ED0409992927A4339D44C200036A36BB20978C6A9D7B5D39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:00.021{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B120E0E4F47DCBABFB0796F3C9BC7C73,SHA256=7BD669DA552E8A26A0E850CA1D3D1C9F6D4342C22CE251031B4ECCFEC5339D26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:00.196{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=12D3553CB812975B485F37054D8F3C7C,SHA256=75E7BAB5C0C1A7D77AFFC455458A18BF82D3726620B409CB2EC54795DA421974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:00.196{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4B89035A86FE9A9CE7E2B25B1D0E31C7,SHA256=7FC053B898CB89090E0F0D1200734D263AD0A50ABC8168BB4565C287073CE3CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:01.899{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA6000FB9351334625CF5CC83394B3D2,SHA256=CE774B8424997C9272982790FA1B74225B0E9F1A4E2A01B246FF8C749DF2E9EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:01.068{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED6CBADE4CE8ABD1E1DA6608EBB65F7C,SHA256=90BD8D1D31962E1768C7C31DC7A9D94BA4583D8596C5BF9D85AC1EA5A3471783,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:21:57.704{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52082-false10.0.1.12-8000- 23542300x800000000000000030403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:02.946{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AEC620D78DFB2B51C2BD0288CF335BC9,SHA256=4B10D25F19FBA4FF70F87DE84453C6E865C6CB16157587FBE151DC1171F7860E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:02.286{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEBC7CFC0C14524BBF693664ADF30CC3,SHA256=11017814439978B62896F6EB7596A5FD8B33D853111CEA5F774852A38970E392,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:00.103{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50370-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:03.520{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A788DFAA207AEF948942E2CEDF8FFA3D,SHA256=63FD08F3B5E628EAD0900651E48387E15ABCE739A52F5DC2C07CDCAD5224CCE5,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000030404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:22:03.914{6EDEAD03-FC1D-615B-1100-00000000FB01}480C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7b9c2-0x13e2e228) 23542300x800000000000000014483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:04.739{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9F0DC954DF0F14CCBAACC50F888C6B2,SHA256=D15DA76DB679A2EC030DE43A38BF8C7402BE9A6D23B223DDAE27CD00F7C2FF56,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:02.809{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52083-false10.0.1.12-8000- 23542300x800000000000000030405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:04.008{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AF02B53F08DAFB9570CEF8A43A703EA,SHA256=21ED24988C3B1732C0697771D0E9E173828FF805E44B6C7DDC6833663C3EE2DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:05.786{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAF27A85A3FE1AED1806FB1993FDD66C,SHA256=39846BC2B0892B84D6CFD81CAEE154A20DDEABEF6F19B9CCB220F34F712F73C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:05.039{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A08DA2DF66684F60B7677FE98C89C4E6,SHA256=CCF1F080EEBC70ABCA1981832827B13307619DE854D64879D36AC27F312B5B7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:06.973{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85EC8F57CDF0C7A46A0279B62449BE3B,SHA256=B8AFBCB94BE50827F6261382B0AD82DD1CA25806BEF586EDBD30BCED09E25028,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:06.055{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17C32427C58F23056AE8BD06A17BFFE8,SHA256=52EB40422B74956CEC8F8062996E347E9281FAC3C80DDA6F9D2F446D41B1650A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:07.180{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C5FEA59E1376367755214D90D87BCCD,SHA256=35DC7F5BAE286A88CB969F10B20F2E41666A8FBF57D322DDE8B2C0A344EA8C85,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:05.181{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50371-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:08.196{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E70415F6B1F1D60F3667CF95CA7E560C,SHA256=A34FFC5032078C5C7DB8C2C5874DA8C04E9FF8E47552225BD81D63BF22CA282E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:08.161{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B7CCEE1AD51F7C44334781D657D8874,SHA256=C68945CAC253A654FB8BE68C851847A8C881491F55C4A7D1605EB3144CA56B3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:09.211{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD002A9A90EEA053BE1FAF1CB65535E2,SHA256=9A15D3FD23DBB524DA61B39A129E7A6840983D2F7753809FF2A5D5230687AFE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:09.208{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD1B4605FC2357ECCA7B4F48600E4359,SHA256=EB073912625C821DD54FBDEA92225E4ADAF87CC3D049FD1818E9A354F88590AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:10.333{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9633A82275764331DBE0F3363740A35,SHA256=CBBEF9D255C2E379C063FCA3BF9C45D30D4159654AC1A165CAECF674B7A525C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:10.227{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49214EB3B64876E0CB11AE5361DE5ECC,SHA256=B2AB4D07156CEDE440E844F0153F093A6C64B338C17D90041B2AFE30089160F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:11.457{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BACE0030D30BC6CF11CB31B18FFB43C,SHA256=430520A52EC1A39BCEE5D1361A9FA019D3D1439A2BD331E02D324B79D27D72A5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:08.778{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52084-false10.0.1.12-8000- 23542300x800000000000000030413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:11.242{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAC8E478A77900ACED4258103E1253DA,SHA256=AAF7DD8E6B48E3CEF27A09C5704D6030781A97DFA62B25D852A3A273C3DA9435,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:11.228{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50372-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:12.692{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0059F122BC2638406D53038F1B0A168D,SHA256=B71A171A738E5EC81688E7274D84FBF88D823825743D607E9838C641EB4A3592,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:12.258{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=180314E37159307780242C4D04BDB7E6,SHA256=3DBDCA3ADE173D5D6224CE8E2CCE8B4A89D6AED53C89A4CAA11444565C2284D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:13.754{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2C7692C36ED7C81ECC57435BED8BE3F,SHA256=19764266388F845D4195CB707B80F80CE94846914FF5B21D0E92F4C4D34C5DCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:13.274{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05C6222277A4B156599C50DCA5685FEF,SHA256=CAB5A878F5D9AF06CFF420E5CCB772C16CB8F9AA3E0A36F0E522C6EF8C1E9F97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:14.926{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A0F25EA8EE411FFE54510473AB281E4,SHA256=14CB10131CB23BDD778EC85C4FE61CA6590E1EDF566BD6220ABEE29CD76E3AB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:14.289{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE31EFDF17791FB1FA54133FAC45BC10,SHA256=630F074C0F2F3E8EA57BA0C48D643063C92AE9696655C201707AED594BBF4320,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:15.289{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AC0B74EB7B99BF3456744239A38D695,SHA256=6BA5D85B0D1123FA3DFF482BB4FB141DEE899093D163488FB832EEC659A13AEC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:14.731{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52085-false10.0.1.12-8000- 23542300x800000000000000030419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:16.321{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28AAC6646036ED0B4AB6F6D3725A9D10,SHA256=094393A308518AC1152FF4F21CFBF9BE693B6E6CA8E9F9A90454B3C730677CA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:16.051{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5620EE3A85F3BD2147B889E30DC12FE,SHA256=99868D4A00A1FD8C2E34960405526B916EFCD845FB7DF4ECAC1D2B8D8D4666F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:17.286{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2594ADF24E56093C16A548F36E817D4,SHA256=3951252EDEBF26AC60BD9FD8B28358488441FB7C9FB1883D1EC3D9025D3C403D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:17.649{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FDFC2C711F738FF9C63D1503BD422C8F,SHA256=6FF7DF02419F848DC2F969AA536D9EC99EB5CBC85A314D2F1525936D68C88DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:17.649{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=12D3553CB812975B485F37054D8F3C7C,SHA256=75E7BAB5C0C1A7D77AFFC455458A18BF82D3726620B409CB2EC54795DA421974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:17.352{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90B96DD1B29869C30693E657224B3FEB,SHA256=A6B96694BBC3CEFDB36CB77C40E5CDF599EE45A0A4EFFA71D2C4FE6C147A14FB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:17.150{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50373-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:18.521{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68AB7415F6FC4411D1936D3C892A1F5D,SHA256=7F9558434B404AF26B798D242AB8F02CD8D18A57DF6AD404A4D1F22872376793,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:16.247{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52086-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000030425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:16.247{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52086-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000030424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:18.352{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B91D6E55ABF373D47001979D569D50F9,SHA256=5D797D72D3B1A02BF6F02AD565CA287D54C7629FD9407A7510573CFBA5C61360,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:19.755{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3719281CDDC7BAE180310C4DFF3AFD37,SHA256=57D6B30BB3478FF0C53DE3AC3DDF9932A8680D5E66F5342299A22D36D3D8D604,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:19.398{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDD8DC833317BDBDAE9B9CDA4D658ABC,SHA256=2356F3A0FB298E30557F03B2AF32D14197A02A129F7C6CB1EFAB9CDF46159DF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:20.755{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4482761D7591D38A813B81F27A0E56E6,SHA256=1A05E7C0FED2C38D8D5725877628E263CDAA35CCAA20E75C5914DF07C17DFFB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:20.445{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0B4212078F0391EF2EB6CAD3D22847E,SHA256=D0739F428E3AE1A47D38C6CCA811AD59B00131DA9218B95C638E8DEDA36AAD01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:21.771{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27BDFBC6DD357676954398060769CF7D,SHA256=15AEE7C3D5DC09A3B3FB4824D888E16B78F4B3AD361689AA3D04DA429896DE29,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:19.840{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52087-false10.0.1.12-8000- 23542300x800000000000000030429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:21.538{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DEB712672B083C6DE878ACF6AAC3A76,SHA256=55C1D09362B6EC61B246E8675A0D24AEB8AC0B39AED6E283D5AC226D284C0F17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:22.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E395EF76116D9EC991BCF57BCD078137,SHA256=B576787D3A87E5FC2CFA906CAA5FAFB47FFF7DF7ABB20702AF31145B87BD6645,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:22.585{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=873FD868BA3F2412DF8586E1D4725C2C,SHA256=4F56913B1A9A0337CA7C451AA0E6935DFE9A521449986FDA33B7B49B68584874,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:23.742{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9CDB68720939CDF35B981302D891542,SHA256=D54E823CAEAF6CF17FA40043743C90D6D6F39F1CCA951FCF44A82223FE01F8AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:24.757{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95F6768F0B6EE6BCEE145BBC442FAE0A,SHA256=53C98653B9627B129CBCCFF26BC5535585D0067F6626FE30E918C85C82398BF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:24.210{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E7DFC46F80223212422D8042359AAF7,SHA256=7D60D21CEBCA504812C2874086D6E5D50597B5C2C575C75A47FA35BD6C78EE5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:25.757{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D5EF05C8FED6B7AF3BE07BAC6557A15,SHA256=F2205A5F1982AC245AB8B4C373AA32180B2FD9FF9FD0916F62987F87D6E9455B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:25.320{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA34C014DB3371352ECE299C9E49A9BA,SHA256=B7117BA335D23722B1886FA701B35A6447558597F04C023870B8250266DF6900,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:23.136{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50374-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:26.757{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAE0254FFA67D5A0F81B63DAD0721A0C,SHA256=0C0D27FA78E3D7301234BC35DC195AD240EF4E917416B76E995300BDE8B69301,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:26.398{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06B55E6F4ECD99F680E1232D57490E24,SHA256=2541E9B6F997DF4DF67D2F2D7931DFD12486F62E43D14504B4CF684F5892FD15,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:25.745{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52088-false10.0.1.12-8000- 23542300x800000000000000030436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:27.758{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA662EF976B856C2E83489ACF12BCDAB,SHA256=346FDF20C910BCBF5E9D45C8FADCF91661DC7F8A8A339462826C803FE54193DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:27.399{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48D7D6865FA93FD88D78E136529BEDC4,SHA256=51E7631D629303BC4EDA0480DF491163F670BEAFCFAFC79EE894E6587B6E504C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:28.773{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A59C6F30D1A7691FB9FF6B5F553EBBD,SHA256=B68EF5408D342789EC171FE3678DB638297C4E690E065545C6748CA80A02C887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:28.540{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B13CB2EAE376CB50D30F8CD87DD731D1,SHA256=0B75487A95E07D0A5EED34C8DFB4B2BBDEE3018B67646B0E214219AA7C310F8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:29.759{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50601BFDF0F6F6DDB5360EBE47D5D391,SHA256=1EE48000AC8EFB03251E80C9A5F8FAEB4706876B119CAF9E8E183BE6945B28F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:29.804{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13A18B5C3F81E219B82988E3C7EEE969,SHA256=C2490F2E57C0C12FCC10C3AE9D63203A9B7D3F0FEC1E52E9E11C2FC2B8506F7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014511Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:30.791{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=378D8FF1E2400CED722DF165EC72C26A,SHA256=C58D780C4A6D74B7EFAA1CA6C50152B06C3E6F45FD776CD4AF1701431A6009C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:30.820{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59A90BE2D57AB7B62F92F4DE6F037E12,SHA256=2AB5E225B840717121C012B555D94A3AE591020E157055229A81BDC4643A82E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014510Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:28.138{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50375-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:31.882{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=716D4F0298FEA3D33573B953D4029FCD,SHA256=2EA077785D89F65818A0B5D900ED9837157103898232D8265984A8250CD21208,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014512Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:31.932{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F6C7120FDB2AD37E93439F642954CF3,SHA256=FFF6D321C731519E8C241A241115DCDD5E03B1168E5F933CE1CA7B0BD7D91808,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:32.898{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9445DF5CF7B27E6F3843129E1E34424,SHA256=BDFF53308EE64DD25518483C407D2A4206BBE1A20B9D6C0D323F31E71162BC1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014514Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:32.964{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1252816B5D50D0E767E50F7EF0706090,SHA256=1724EF382E84135CAE28C7387416973E8B3173E72A69A8A654E708A797DAAA05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014513Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:32.464{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=26A18D98B68C2ADA45155196E817CB90,SHA256=9F8B8C8CF8A0978D1CEAE7FB2D4D3AF9515C78BB0B8E75783C81877CCA63E41A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014515Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:33.980{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F1EA539CBEA3645EA80B26CE6259572,SHA256=CF88B40ECEE574855B69508F4798464C4B4CC556B6711E00E31C4A22B884AA9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:33.929{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28E82467A16ECD391B046209EF6304AF,SHA256=F5C765C57F9F92F375CA75B77E32FBF9B7A31CDB5CE3562D68A55D8CBB104575,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014519Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:34.980{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9189B96747246502658037C90F109772,SHA256=B0969D8F0C841D094A573E8E6A2FB3623F094D4DA874494F0FDBC669A29D2D01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:34.945{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC7C8DB66FADFD0BD2B1B3BA15BE225D,SHA256=67632E57E2EECE86F2E124917DB4CFC07A3FED659044EC0DF7F86CB2E34B499A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014518Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:34.668{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014517Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:34.668{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014516Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:34.668{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:35.976{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32B393267C152B6B7A122427796A3759,SHA256=1C022C08682D3BB42238D542E49983C0E90C98CBAF8892A05E59F989FD80FC49,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:31.762{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52089-false10.0.1.12-8000- 23542300x800000000000000030447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:36.976{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CBC7AE47114BE88D2E140CDFFDF42E4,SHA256=73581172EFF1E64A7EF2CCA4F18C2DB7D6F56711FDB57D8377E17B2517AF21B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:36.215{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B902ED0367C869F3FBD94D871F3A2E87,SHA256=A0D2AC1405B378B5D0A718FEC28881A4EF25989019D7B9D4A723528F67A63564,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:34.078{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50376-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:37.992{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE19A50D872221E9C289BF5DE04A9563,SHA256=82143CD6D3343AA086C466C11A39024235DD3AE1CA6447BB9092846127807EE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:37.403{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59E25EB200C57F08D296C89393F99F69,SHA256=7EB23AF88F373FFFF36977D138F06262D6B88AA63E5D745B6A2E7AF44FA5DF6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:38.992{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F6F3F49A85336054C221D9825BCF273,SHA256=F2DF293DF983537A9813AC679C709BAB91B522840E00258BA3861068D94BEEA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:38.404{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6BE8E25F177105E9CF16D6A4FB0B20C,SHA256=6C604C475EB0934D2EF9CB2C965A2CCB38297DF663A40EAA27266E94EC941F52,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:36.982{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52090-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x800000000000000030449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:36.982{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52090-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 23542300x800000000000000014524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:39.649{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F81FCD9F4736339BD2B3262A08F89AB,SHA256=0E88FA70143A6B668F0EB3A48FD08EEA5FFF2CF151A8479AA2D60548E1CBFD36,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.747{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B4F-615C-4406-00000000FB01}5144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.747{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.747{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.747{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.747{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.747{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B4F-615C-4406-00000000FB01}5144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.747{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B4F-615C-4406-00000000FB01}5144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.748{6EDEAD03-0B4F-615C-4406-00000000FB01}5144C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.589{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:40.883{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38840970F1FC5D565896F289F5E20C44,SHA256=98519CDED0D8DC2D1269F6200774817FDDE87F8B97B862D5940736D839CB2084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.983{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=34EEB4D3582BCBEF53609CB38BEF17C9,SHA256=A5602461C20FE635FDF947984761E06AA4219813333D833A78F1F3B274E48BB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.983{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FDFC2C711F738FF9C63D1503BD422C8F,SHA256=6FF7DF02419F848DC2F969AA536D9EC99EB5CBC85A314D2F1525936D68C88DA4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.514{6EDEAD03-0B50-615C-4506-00000000FB01}22445228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.342{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B50-615C-4506-00000000FB01}2244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.342{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.342{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.342{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.342{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.342{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B50-615C-4506-00000000FB01}2244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.342{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B50-615C-4506-00000000FB01}2244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.343{6EDEAD03-0B50-615C-4506-00000000FB01}2244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.155{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-062MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:37.730{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52091-false10.0.1.12-8000- 23542300x800000000000000030461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:40.028{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A36AD5EDCD4BE6BD91AC8DDD74A38C36,SHA256=FFE81DB7EE87A44D6B0C0379FAA3DDDA85D7C56850A720F2157B4F4BD6A2AA96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:41.899{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70960ABBFF5D73A3EC6F6FAA08087250,SHA256=73DA1D5768931CE6FEAE4359582049C6936A8C7361FA0F194D99DDD05A7D3874,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:39.171{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52092-false10.0.1.12-8089- 23542300x800000000000000030484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.155{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-063MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.030{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BB6DF4A610E40A80D467684E08DCD63,SHA256=0048849717591B10F695C2B031DAA234F4B61A31FA09F6D7C69B8CED75726D79,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:39.247{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50377-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000030482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.014{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B51-615C-4606-00000000FB01}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.014{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.014{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.014{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.014{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.014{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B51-615C-4606-00000000FB01}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.014{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B51-615C-4606-00000000FB01}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:41.015{6EDEAD03-0B51-615C-4606-00000000FB01}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:42.977{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=632D55B3ACCB3E6CC5D825EBF38ABFD5,SHA256=9367F9E0FE1AAA494DD0975590DC1B05B62FC7315A969267AC1B84F19B978537,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000014537Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000014536Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00346881) 13241300x800000000000000014535Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b9-0xc8d09294) 13241300x800000000000000014534Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9c2-0x2a94fa94) 13241300x800000000000000014533Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9ca-0x8c596294) 13241300x800000000000000014532Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000014531Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00346881) 13241300x800000000000000014530Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9b9-0xc8d09294) 13241300x800000000000000014529Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9c2-0x2a94fa94) 13241300x800000000000000014528Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:22:42.853{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9ca-0x8c596294) 10341000x800000000000000030496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.546{6EDEAD03-0B52-615C-4706-00000000FB01}66284144C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.375{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B52-615C-4706-00000000FB01}6628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.375{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.375{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.375{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.375{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.375{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B52-615C-4706-00000000FB01}6628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.375{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B52-615C-4706-00000000FB01}6628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.375{6EDEAD03-0B52-615C-4706-00000000FB01}6628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.031{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83B8EA0EB7C5F18BF852E96ABE6E1D5B,SHA256=1756936CD7C925CAB62EE7874BCE0F07E5E7A3B1FFF34221AB756B052E79CF7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.015{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=34EEB4D3582BCBEF53609CB38BEF17C9,SHA256=A5602461C20FE635FDF947984761E06AA4219813333D833A78F1F3B274E48BB8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.890{6EDEAD03-0B53-615C-4906-00000000FB01}57605708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.718{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B53-615C-4906-00000000FB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.718{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.718{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.718{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.718{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.718{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B53-615C-4906-00000000FB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.718{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B53-615C-4906-00000000FB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.719{6EDEAD03-0B53-615C-4906-00000000FB01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.421{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2A6CBD8C6C7B513E2520B23D091E253,SHA256=6C6E389DDC97B17AE3327CA061BA61C3911C75554569D1D6C2404A9B0F1E2A11,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.234{6EDEAD03-0B53-615C-4806-00000000FB01}50245424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.062{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB7348CEF5C2BAB596FE076B17ACD0D3,SHA256=4244A196D601F3F34379025B9EBEAEE5A7B829BC4CE4C1085E3D62F9E909C457,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.046{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B53-615C-4806-00000000FB01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.046{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.046{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.046{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.046{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.046{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B53-615C-4806-00000000FB01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.046{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B53-615C-4806-00000000FB01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:43.047{6EDEAD03-0B53-615C-4806-00000000FB01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.886{49C67628-0B54-615C-6802-00000000FC01}13961392C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B54-615C-6802-00000000FC01}1396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B54-615C-6802-00000000FC01}1396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B54-615C-6802-00000000FC01}1396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.696{49C67628-0B54-615C-6802-00000000FC01}1396C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B54-615C-6702-00000000FC01}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B54-615C-6702-00000000FC01}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B54-615C-6702-00000000FC01}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.196{49C67628-0B54-615C-6702-00000000FC01}2388C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:44.149{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F025E71BDB67479E4C56AC12155750A6,SHA256=0A7EB43538E061A8C3077A34E30BAFA0BAB9D72D41533DD55B0486BB939DF30D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.796{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75EA1FC8E1A2439DF379CC0257364A09,SHA256=9B535989B45B00B2EDE100A9519BBAB9664ADA10F64A211D5FDD27021DFE82F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.390{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B54-615C-4A06-00000000FB01}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.390{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.390{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.390{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.390{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.390{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B54-615C-4A06-00000000FB01}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.390{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B54-615C-4A06-00000000FB01}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.391{6EDEAD03-0B54-615C-4A06-00000000FB01}6620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:44.203{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B925C0605B5A5DFF2EFADC1E5EF75FDD,SHA256=9412D9922FE66D9ECAB6CC32388D89B877044ACA49AA0D0BD314E3A302DEAA21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.664{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8985CE7CA72CCC9794AC65BB6EAB26A9,SHA256=BD14539FA0118ED3552E136EB3642C8638C16140DF0E7BF6CD2F645ECEBEC01B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:42.849{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52093-false10.0.1.12-8000- 23542300x800000000000000030527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:45.250{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01774B4154BE56E2156D16AF7F949DC0,SHA256=8B4FC10F59EDD98C50972A8ECD8034911EC72C8D030BB0A1856EC2032EC6CD3F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B55-615C-6902-00000000FC01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0B55-615C-6902-00000000FC01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.367{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B55-615C-6902-00000000FC01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.368{49C67628-0B55-615C-6902-00000000FC01}3776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.227{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=39C008C2EA302A38A6B55F0719F1548E,SHA256=5B274D0E2A1E50C1543385B647AF4D1603D46606FA9D503B6DDDFE2F897B6F62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.227{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A33CD918A1EBAA02789D96BD895A3626,SHA256=4111C3CEBD3475D5F81FD74A50B0BDC1D3C14F69BA5B5FFF2FFC674120299A47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.758{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=635F5927265621C4A6F643B0642D902D,SHA256=0775AC87AA7040FCC2B88506FAF5F6FBECDA9322F5B5CB38513589BD1BD8A2ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:46.296{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C021C87DF05587BD3959983228181A1A,SHA256=B65C0192447BE23E4624B14CA5B3F6AC99AD097AF4C4917112E317AD7A975928,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.602{49C67628-0B56-615C-6A02-00000000FC01}36683740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.492{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=39C008C2EA302A38A6B55F0719F1548E,SHA256=5B274D0E2A1E50C1543385B647AF4D1603D46606FA9D503B6DDDFE2F897B6F62,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B56-615C-6A02-00000000FC01}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B56-615C-6A02-00000000FC01}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.430{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B56-615C-6A02-00000000FC01}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:46.431{49C67628-0B56-615C-6A02-00000000FC01}3668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:47.836{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:47.820{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D56B314D6D90B2BD56F816B40A0E6416,SHA256=C2A3010BC5EC6F2FAF4EA0CCCC2484D59FF2083178939F09996E45FCBEBFAB1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:47.296{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36D427E029332242317FC3C4C575A6CC,SHA256=D7A8400DBEAB661F03CD05D1910C37AB7D4C2943A5F6CDADF592F6DFD7AF4B50,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:45.122{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50378-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:48.312{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72DEA37F49590DF2595E4CA798B823B7,SHA256=692CD90AF61E70A959E0DDDABBDF1B091723968F8684FFEF5589A914E43E9F8F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B58-615C-6C02-00000000FC01}752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B58-615C-6C02-00000000FC01}752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.930{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B58-615C-6C02-00000000FC01}752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.931{49C67628-0B58-615C-6C02-00000000FC01}752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.461{49C67628-0B58-615C-6B02-00000000FC01}30603228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B58-615C-6B02-00000000FC01}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0B58-615C-6B02-00000000FC01}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.258{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B58-615C-6B02-00000000FC01}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:48.259{49C67628-0B58-615C-6B02-00000000FC01}3060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000014645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:47.872{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50379-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000014644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.508{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9E75A0A4336D24825636864497F9D30B,SHA256=A5183F7AD44B3A14885253D0AF6CF301EC50F2ADD512D788AE140227B20E4446,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B59-615C-6D02-00000000FC01}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0B59-615C-6D02-00000000FC01}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.430{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B59-615C-6D02-00000000FC01}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.431{49C67628-0B59-615C-6D02-00000000FC01}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.164{49C67628-0B58-615C-6C02-00000000FC01}7521260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:49.071{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D7B9EEF52ED803EF8B9B44157BE2AC8,SHA256=04232D23156CADE6A3BA985A73B6991E0F69CE58EBC8F67B6E91FDA7B3955136,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:49.343{6EDEAD03-FC1D-615B-0D00-00000000FB01}9086016C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:49.328{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8048FA5B4F6BF9BF5646DCA36789F8F4,SHA256=DA647DDBC09D1164386A0D08AC7CF995F0BABEEA7FBBC4F4456C70CD98DE17C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:50.320{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C8F73AD6CDF07DEE01D9F8FA19DA847,SHA256=32CC61E82641D3BACC5B1E251E69D8B0D81DEA0D1C138059AF48F11988672BAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:50.671{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=55769F31682E4B881336E662906DD98D,SHA256=70929A79F86F6E0E1DFE0C3F4AFEF3FD93808064FE1924AE77E4E579809BDC26,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:48.628{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52094-false10.0.1.12-8000- 23542300x800000000000000030534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:50.343{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FD3976001158ADA86752A728893B859,SHA256=9A8B2F0DEFA104DED5D82038AE58DE9E5F373AF258BCFD6EECBF5CA6F22A2A02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:51.562{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7329200A5D98C9554CAB13101655E69,SHA256=584A2772C2541F61BAF6C50887ACE2504738181A0ED1D296DDA6C813F079C47F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:51.539{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B910C4037E84BBBF37DC7E58595FC91,SHA256=559279F9534802A847993841F59D20F66CE5151039EB68002B107270656F0E85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:52.578{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBD6A4A9CF5A2EF0160E7E86E75A628B,SHA256=C68DFC36069E5EDE0D54BE5A1523350DBB64DE2625BF8DF8CCBFFF03FE61822A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:50.247{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50380-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:52.586{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F79872E4C99D09A2B149E2D8F67191B5,SHA256=71BFDC8496FBD21A1EF04F7CAA342C3E4E5739FD9C4DFFCA8DECDF83C1F0F1E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:53.625{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5457075E9A29E667E1C9E710E9A0ED9,SHA256=F27C1989E53CC80A3D73E0E8A368FCD4A7D81BC67080F6FF8696511D15166CBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:53.601{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD3E656D2ACBC495F570108F63A7CDE8,SHA256=060CC033294B5EF4A4A682A4D9DE3519521D88D4E0F7884D85E94EE48E2D7045,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:54.640{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B364AA161307E53F0EEF8CCA022807EA,SHA256=9FDC51A6D5211CC72589C2B22A21D7E87706C4CB583796478FA6A126AEF75C02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:54.758{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0CF784D9F6E876C2F227DEC1952A925,SHA256=D7D8026E93ED5F9F321DA5A0F308D081C9D917C17EA47315C6F31AC2E86F4F9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:55.898{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD6430F690F42696C782485F1120BED1,SHA256=FFD8D5A3462465D5B1A08B98F2514400A52AF05C7F59D8F42C4603A1545BB8CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:55.671{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CA38E35D8D83345F0DF8ECC4990CDCF,SHA256=108B13A8F2EA57AF9D9929DF6188B36544BF54C6B17B6283F91FF94F2974E0AB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:53.644{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52095-false10.0.1.12-8000- 23542300x800000000000000014653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:56.977{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F91A2B1A2976AAA0A416B1321105609C,SHA256=34763947AA595EA68CC37268542DAF26256F0D66E858C536A8FEA499B177B4DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:56.703{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF3240D21BF80F6323582F685476AB0B,SHA256=B5CE67C0777EB110554327CD084DC2F2480E4BFEE84B65ECC2547FCE2AB130FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:57.734{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8891E5EDA616C0737EE01A5701F6675D,SHA256=2E0A43B1FF06736CEA29443F92DCA37C8961EF8434C7DB8E61038367F60F576A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:58.771{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72DFD8EED536062422785E6F0504025B,SHA256=3C3337BE45C84927B27AE43119E4B1049A9A33DFDF44ABCA06B1A573BB016E64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:58.828{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-055MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:58.179{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A644CBF7B67A15A94CE10B085204A0E5,SHA256=8AA5282DE60E14EE6B3F0321D97E3EC14A16CFC4091CA078110C83811C15F507,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:59.822{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=163C9F4537E55A842782D11EEFF33D17,SHA256=C02335EC669D4FDDAB691CCAADF0F21D8F27A1612570559B0F795427C02334D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:59.835{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-056MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:59.225{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6C4FD87799811D0B91FCED4E530E5D5,SHA256=BF44C466BCFD88CB37A688F0683E27851A4F260D0C6054E9C1D73FE0E2B350D9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:22:56.122{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50381-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000030548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:58.659{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52096-false10.0.1.12-8000- 23542300x800000000000000030547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.822{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5814F0791CEAABBB8140F966F27AF12F,SHA256=E5CD1156CF35522D840D41681F9C8AB8B605BCC2A1FD93DED4BC9CDA085F99B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:00.238{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41969E4AFD10E92A410A92CC5363FA06,SHA256=250FA0420143CFAABEB6BEC75E0AA86059DAAA1D010A5BD78EB6C11655666BA7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.041{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local64942- 354300x800000000000000030590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.041{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59444- 354300x800000000000000030589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.039{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local58411- 354300x800000000000000030588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.039{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63232- 354300x800000000000000030587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.038{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local58361- 354300x800000000000000030586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.036{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local49220- 354300x800000000000000030585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.035{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59740- 354300x800000000000000030584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.033{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58000- 354300x800000000000000030583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.032{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local56153- 354300x800000000000000030582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.032{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63394- 354300x800000000000000030581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.031{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local64273- 354300x800000000000000030580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.030{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49170- 354300x800000000000000030579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.028{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64153- 354300x800000000000000030578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.027{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local65485- 354300x800000000000000030577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.027{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54423- 354300x800000000000000030576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.026{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local56753- 354300x800000000000000030575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.025{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56270- 354300x800000000000000030574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.024{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63862- 354300x800000000000000030573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.023{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local55052- 354300x800000000000000030572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.022{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57174- 354300x800000000000000030571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.021{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local65435- 354300x800000000000000030570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.021{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54426- 354300x800000000000000030569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.020{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local64587- 354300x800000000000000030568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.019{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62394- 354300x800000000000000030567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.018{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56980- 354300x800000000000000030566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.017{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local57144- 354300x800000000000000030565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.016{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59753- 354300x800000000000000030564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.016{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59583- 354300x800000000000000030563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.013{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local58662- 354300x800000000000000030562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.012{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63467- 354300x800000000000000030561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.011{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local61292- 354300x800000000000000030560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.011{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55431- 354300x800000000000000030559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.009{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local55893- 354300x800000000000000030558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.009{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-676.attackrange.local55893-false10.0.1.14win-dc-676.attackrange.local53domain 354300x800000000000000030557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.009{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61614- 354300x800000000000000030556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.009{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMudptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61614-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 23542300x800000000000000030555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:01.822{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15765BE4D6088C140B7277E0B7578A45,SHA256=4784BB97A30D4A9374C076B37477C7EE0BBDD0A8538E8798D515AC850AF00878,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:01.474{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58EC4C8EC91A3073297A70F5053C60DE,SHA256=ADCD53539EDB5B2797F1E5BB52868C0F16EF8B000A6BF56450B113736096285C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:59.999{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52098-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x800000000000000030553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:59.999{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52098-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x800000000000000030552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:59.998{6EDEAD03-FC1D-615B-0D00-00000000FB01}908C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52097-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x800000000000000030551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:22:59.998{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52097-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x800000000000000030550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:01.415{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D34640EEB8C231799EA30BD61B41EAB,SHA256=C50E9207C7D846728CEB86A68465FD0906195AB8D0E6FDE4CA6831F0F1533E8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:01.415{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6ABF7CB6A144CD856762A88AC563154F,SHA256=BA7BA596A878B3AF16EE231B4F0DF4C00D6C41763413CFB9B5BEE1A64F0F2F09,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.057{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local62586- 354300x800000000000000030598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.056{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59877- 354300x800000000000000030597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.051{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local58439- 354300x800000000000000030596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.047{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64975- 354300x800000000000000030595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.046{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local56427- 354300x800000000000000030594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.044{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local56299- 354300x800000000000000030593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.044{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60048- 354300x800000000000000030592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:00.043{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local60029- 23542300x800000000000000014661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:02.708{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39ABE3FCF4B93EC8A11B7CE403D00874,SHA256=62F93A2D98B983276306BFA583D6A50117BAC167C9F19F694A7D204AC5FD60C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:03.739{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFD796396DB2F4ED76BAEB2737C74B72,SHA256=77801E6F958AEB99AC93EF2CDC9364200CE1590A762F4311CC97EA3068C462E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:03.228{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AD74E50B5081D5DB065F3A56008E5D7,SHA256=2C2EA5B019539CA8A7FE8F4C0AD9CDA2B770170537EB0F7E14228237C742BE61,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:01.150{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50382-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:04.755{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA48A7DBDA13FC5F138045D5D126A5B8,SHA256=20C40F2B2065961CA8A1043C50E0081E03A4F7DFDB866F31760AD53C482113E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:04.087{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F63D3D91FB549CFB7B94F2421398E96,SHA256=55A3BA467E8CA03BE226263F62E954564BD5050B333D05E7B28DDA667019519C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:05.770{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A28091F3B9C8BB964EBF98BEB92D0D7A,SHA256=04595603BC22C0E679DC3ABD7E00A3AE2866B794B3B82143E70894C92BDFE5BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:03.732{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52099-false10.0.1.12-8000- 23542300x800000000000000030602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:05.087{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=229FEE6FE83B7C917E3304FB55A6ADA8,SHA256=CCC6B207068B98BD82D7DA06CDAF6D4663E0DCAE3D433E7A9CE1FFB115CF4B08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:06.771{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C96F15A661E6E2E04ABA7B507D94312,SHA256=9B7DC580FB0E5961FF1E2875FCA9CBE8E74D553552991A8113F9D7DA4B35A846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:06.089{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E9CE42ACAD449B1BDEF1E3B73D5F9EA,SHA256=906E32ED9DAE7E732C86C1C1FB25E5D05617E61100A597FF5372972C4ED06CF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:07.771{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC2A75B2036326E402D6635D6883BFD6,SHA256=64A752867EF1A61203E35C5DC1AD7D45C7DF3FABABDB0194F954E2C7D0DB759E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:07.089{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6315BD32E4D15B99CDBB574EB2E0C8C8,SHA256=3C3233E191A2257BC838D08F085C5C30D313A93E2B8F681B2F97A14C07ACAF4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:08.772{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A31521E802CF472CC87B9175B22DFAB3,SHA256=C19588412B6236E8469505B3BC2CE9434A629DDAD8980E477AD8C44315103851,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:08.089{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=205C70C3F40A19489B0847BE5EE7B866,SHA256=B1BED10011C96F12BB6CDB441CBB30D164A33D36881F8CE56F8BBE1E2935EFC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:09.772{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB23C5A722E8C9D7B9E0A3DEF533BAB7,SHA256=78DFEF025FAE15AEE60F90F092C443E5FCD1E07D335B2155B58E737DA8618615,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:07.135{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50383-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:09.104{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4981F552D84BFC67D8197D8D471603E,SHA256=9206455776380726907C614ECB64D08EE34E644F1CD6FB1844723B5296B4519A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:10.773{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BA4F7DCE73FEA1435630748D34E29AD,SHA256=1FAC0148FF7723D7D82A57E9F443E412F066599A65F989A9CE160314285CBB10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:10.120{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F964042A360C09CAD96126496EF5EFFF,SHA256=3A7A4D2D8110F6039E22BDA3C4C90A67A2860CFAA519E880409542792983239C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:11.774{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=540195A13134BD399135FA6E8E9CABD7,SHA256=59A65D5D59082BBDD679E3FBB19EAC22EA2FCB1BB8A68FDD96FBC038903A7A83,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:08.858{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52100-false10.0.1.12-8000- 23542300x800000000000000030609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:11.136{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32DB4948A76842C3B0D92639432E3494,SHA256=8DF7E8A00BCEF726DBA0DB59EE76C55E875F32E1AAF399307EB9194E973ECDBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:12.774{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88AD3CB2A1711F7E7AD974497B5EA76E,SHA256=357BDCAE5E05E904D1C3FC90D3F05393DC65478E7E775570431F6630E347AA83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:12.151{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1E3AC824653946D40E5799F1D66794B,SHA256=E1C5FE7CAE795FFFAD81ED146CC5238D2D4F20361588CDD91354375FC58DE785,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:13.775{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BD9367F17DDE4EE7DED9D502EFD2B98,SHA256=18369D7BB72D7D22ED644630A5233671CF58345B2A57BFCF9D6A1A317D534DD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:13.167{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E78AACBAD43FE39C143EDFAA6AFE697E,SHA256=10312D0331BBADB2ABFA02236BAE7D9D3286C180DC5BBF9ACF6CC0EB2DFA0486,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:14.791{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C937B216F2FBEA4FDC813EA462B7CF73,SHA256=AD7BE3E207A752D4D30AA755519CD4CEC961A9EA6F6082565B655813D26851D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:14.370{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87B2B30BF01A61D731A26A5239731FE2,SHA256=9397B7C200EEE905E39DAFF03F85EE559267B0BEB031B955925508DD1DF8470C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:12.247{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50384-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:15.869{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44DF93C02FC6AC9DCEE73998CC6E1C6D,SHA256=55FCD1A28D8B03A3BB2798D6F26B91D38A50391EED0CB2ED231AF6B868CC9A86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:15.573{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B69857F80C052EB918A13F8D1882EED,SHA256=18ABB0DFB67CDB682497788DB934D4D3259B0C123ECA6692F167BB3C3223C26C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:16.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=507B0DFC7667485A0B9B5E52E20D1BA8,SHA256=9EB41BD455C9C920EB938495E70E106C6E3B422A87E908A35EB52917C68762BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:16.573{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA68886FFBA5B505F900865CED50C38E,SHA256=616E9870507A1BFD71DB915CA381C36CC0E5BF0A49D4CB09F934420916B82BC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:17.652{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=297E90885939E0F91461A387E64300FB,SHA256=70BE804811B5BF25C0E67D972743A1D3CF02C07EF671BDDD75B14ADC14141D54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:17.652{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D34640EEB8C231799EA30BD61B41EAB,SHA256=C50E9207C7D846728CEB86A68465FD0906195AB8D0E6FDE4CA6831F0F1533E8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:17.589{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=477095D5221819B9C200AE3F41F3A802,SHA256=44098372D7680DF21355B387F2F43627961019A8609BF6216BF87C43166DD175,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:14.780{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52101-false10.0.1.12-8000- 23542300x800000000000000030622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:18.636{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=446D6B57739E0D7F626975C3CA2D04F5,SHA256=DDDD36064FA5B37A634FECAFF9C50BE3E1094DC9BC02E769D85736F0566015C9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:17.250{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50385-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:18.136{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C87930DF9F155239347187204DB767F0,SHA256=00DC75681CF87FD5D875C28930A4A7D1C0550318F2C3ABFD122B970705C51C4D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:16.249{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52102-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000030620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:16.249{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52102-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000030624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:19.647{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76B1F25849E61A4440659A8F262E920B,SHA256=CE17356252E51A7D5F9C57DF04BA5AA7071D11446CBB293F724D509F6AA8A6A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:19.269{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2BC7969F42EFA609F8E02C519C96775,SHA256=99E52E04DC24DBEC457C93CBF97F151754F575E0CDB94EA5F3165811C720406D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:19.366{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=297E90885939E0F91461A387E64300FB,SHA256=70BE804811B5BF25C0E67D972743A1D3CF02C07EF671BDDD75B14ADC14141D54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:20.694{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAE44C3B12E558A56C89710C2B879EE5,SHA256=51A5754D43A395A6864FFB845C5A29F5B3B6171CF261F2B2BABC8718909570E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:20.395{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=829E58885798D95A0E333405D9AF4A44,SHA256=2A6AE99967FB7704A2F1ACECE77DC1794C13F256A2D2B54143D86C8094AB9BD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:21.725{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=752EFD22D8AF1F5841586DBBB729AEC1,SHA256=9727E59686DF94E1B1AC03E70E72DA0EC5746E428DA859963FE24CCAA7A55C61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:21.536{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F30BD015A3104A6D0146C2327914872,SHA256=DCB2395674BE9B8996CB81077FBB2B4ECF8DFB0384860B24D258D7FA4916D83D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:21.428{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:21.428{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:21.428{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:22.835{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF3F192FC131D31A5738548754A794DF,SHA256=6DD0E3466AFC08CADBF1902A605B406691CBB997657BDB86B35AA40DB37A7A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:22.771{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2788B1C4033D1A487D30FA66C0893E94,SHA256=4CBB68F51F38AE9F35444B2DF844EB00E386A7DBD54D49E1589AE91AD42B3A78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:23.897{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60A42F529F5F6A631844E614C41CAE1D,SHA256=F626D3FAC747AF79C6B56E7D4BA21F42603D9C17954328D4E1C116194FD88675,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:23.787{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2BDD74DEA6037D678177525398E4F53,SHA256=8FC2578C115B22BD693126A24A0D9B47044E3C62028D7BBC010ECC92270EC337,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:20.682{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52103-false10.0.1.12-8000- 13241300x800000000000000030633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:23:23.257{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML 13241300x800000000000000030632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:23:23.241{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001) 13241300x800000000000000030631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:23:23.241{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML 23542300x800000000000000014686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:24.913{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3725DA0D4618E03FC29EA956771CD76C,SHA256=6F9819AF2C261C254B6BA7CDB12D6802826E93B2258E26403BDF7076E5261C9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:24.257{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B11B9BAC7BFEB9BF335DB3DCE3CBA2F2,SHA256=6545D7735EAD076A6AC4B9D09F294C423F8556316CC41236D5A95DA9C56D9383,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:22.867{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52106-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000030642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:22.867{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52106-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000030641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:22.859{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52105-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000030640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:22.859{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52105-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000030639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:22.840{6EDEAD03-FC1D-615B-0D00-00000000FB01}908C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52104-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x800000000000000030638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:22.840{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52104-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x800000000000000030637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:25.116{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA53EB3B4FD4917E6AD21A6ABC5FF424,SHA256=BE7AEFFE7987AF75EC24EF448DEF961713653807A74A8A22D3FF6B6AE71E5518,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:23.198{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50386-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:26.038{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06B1BD10E00753FE81342D433AA7546E,SHA256=89EA90B19DAC74BE303748E222940FAE750CD79DC115E5B18A3A10A7E628DBF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:26.116{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8062472C899AFB643EA47EDE94B719D,SHA256=8C87372E0ED9615CFAC7F2F412E1FB1F369EB9CAA8A92B0C219F6AB4DE087710,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:27.101{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E385D37EC4C831577A3BD0DF1277DFC2,SHA256=6507F9FBE294CE41E4899117B5293997106C777707675A9B8F87125396D61D75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:27.116{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DB6D2726D202CAAB433F8AE6B2DE801,SHA256=74B8642D1DD412A4B71CBA8ACEBAC70330E60922F80C32A59982D87216179419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:28.289{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7C86CE154DC3414984773E5F1455478,SHA256=5FE2C53B7817C9E4A4D05966330839D79423E6AB7770282CD728B01D32B8FDA0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:26.682{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52107-false10.0.1.12-8000- 23542300x800000000000000030646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:28.132{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=968388857AFE6F4C6120EF48ED755F16,SHA256=4DEFEF63A84CC349EFE8AF22F7E3DC17D74D99C849058ED946C0F945AE4B3DC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:29.337{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8579288492897C9AD0C4813D349D9B14,SHA256=AEFC5C370429A6C24B1B9F450EE3115E4547073A5FE72056932AA3BB57639269,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:29.132{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93A0D27080038AE425DE2B0B0D58511F,SHA256=C5370690E3140DD0814B8B3A13DF28A88AF83227A8490E0C1B72DE47CD2C8CB6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:29.092{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50387-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:30.556{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3228BEC106F8AC27AEAC773D85EB2AFE,SHA256=733C62612819C33E92CD14AE4901148C9BFED2D2283FDEBD9C748C3ED319BC8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:30.288{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7A6CF4AF4A8611CE59E87510460BAB8,SHA256=7FBF8FC1C8EEBDDA92974B3A7EA5011635A5F83E6325FF26E23DB07884D24B8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:31.790{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=325E591DF122B91158B4952F8D60CFCA,SHA256=44206CFC321FCAE1A8F23B690753445268BF42669646F5D5A4E498938EB191F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:31.288{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D32179AFA19EFC51C0871C78D7E5FBCB,SHA256=48D42379845D559EDAF6629052B5F4D58FFF116555EC5C286417D7A51F6221CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:32.806{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5641AF55090B49E914A9309D8C3C883,SHA256=B2BC86D086F01E4D2EB6748CE16493FEB0C07E076ECCA3EC6D3AD986622A81EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:32.304{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FD2CF5F14853F52C07DA128B7A422DF,SHA256=08E8E255D5B98537E5FBF9C22A7EE8045C8FBE773B6F734D399D1FEFE0F4AC31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:32.478{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E237A7A2FD534AA44428A8A47D9EE525,SHA256=CBC17D2039BFD16A4CC656396CD889F23ADFB488EB72D89DE3A0E48E5DC11B34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:33.806{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10359F9071DA074E887BB1CD84471F50,SHA256=D72B6C3CA5ADCFFC407BAB1EC65848AA01D5E1776A0B953816644CF0CC027C9E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:31.760{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52108-false10.0.1.12-8000- 23542300x800000000000000030652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:33.319{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9EC03442D9F4B330A869F038E89ABA7,SHA256=C206CD689FB3F283F4B1E5FB6269C94C390AA20972C448F4A48DA7DA814CC047,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:34.978{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E999CCB229518C8A3F50A219ABE78B28,SHA256=E1EAFB55B28F1E942F09A3CDB2DB0F1D30B01455DBC21C4D0217D2B280A22DE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:34.335{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BB38F880E02B2ED74136D8D9725835D,SHA256=B9DB1C2EAB30B4588AA4931C095C71F8B514C94F3A313B5F912B889CB6965820,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:35.350{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58D86192E2FC0CD2948FD3162128F302,SHA256=F471BAA19CC5D2C5B81E7CFD318BE97BF8ED2801360EC508F6D5D0530C2C374A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:36.350{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36CD9970B0323F85DFDE91391E597808,SHA256=83C14EFD889F6051B84BA56758F0D68466109824D4104E7F3421D7880069E7E8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:34.186{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50388-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:36.212{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=554C5C6631E0ED56AE0556C73A00915F,SHA256=0A1D849ABE5D3F089F6EEF82F7DE4D1FED42E1CA586A3DEF014E23CF4E3281AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:37.366{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE74CC13FBFC65EAF8C7CF42834B0A15,SHA256=186C3E7C734EA5EF9D488D54935C7ADC69AEE3F3ACBA0634E3A7FFCA39A757F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:37.447{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBA95818C3912D389BA05C0DA4C6CDD3,SHA256=560E9E75AA534430FF58003CDEDDEA09D3FB1D644EADC43B9B0E46E19C6AC70D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:38.382{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A630211A25CE6326DFD552C590EC5180,SHA256=F754005B98229691ED782727EB52CE4A2A4FBA89EC1F64A4FF241BF2FE59E8AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:38.525{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18A4BF2303E1642D4F43777B6C9890C6,SHA256=0C2B37AEA4CE83BE8466774A3BE4D2E0637DA34BFE3DBB27334E2C24FE4627C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:39.668{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8223C96D211DEBF225B275CF5DA4941F,SHA256=305E078CEB5FAACBB5E6CAA79F0D4B89BDBC912D0343730AF30F939BBA380F7F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.749{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B8B-615C-4B06-00000000FB01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.749{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.749{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.749{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.749{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.749{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B8B-615C-4B06-00000000FB01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.749{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B8B-615C-4B06-00000000FB01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.750{6EDEAD03-0B8B-615C-4B06-00000000FB01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.608{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.390{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=932AA5B4CEB0A15F1675FF644BC5DF7E,SHA256=C5405CE2B9FA21C5257B8EC6D8BCB0208E7FF569C40D82D383D69F7984799540,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:40.699{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=478739C4A338DC5ACE3A86B58CA85025,SHA256=B885F7B453F150E94062A1F6F8009A26B1BE64043401900912E49B7531BE384B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.890{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B8C-615C-4D06-00000000FB01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.890{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.890{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.890{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.890{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0B8C-615C-4D06-00000000FB01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.890{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.890{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B8C-615C-4D06-00000000FB01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.891{6EDEAD03-0B8C-615C-4D06-00000000FB01}6240C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.843{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45BF11238526AEEA809B2FE61B637527,SHA256=DEDBE6F05E7287725F7DBDC5941CA9E054302001C5C29CC576A15A0E3EBB6195,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.843{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4FC53647BC69AA2C06F65E0EFF6C0A0F,SHA256=982FD690C2F510EBDE66EC87143447B16578A33C65956467975EE19251516E81,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.530{6EDEAD03-0B8C-615C-4C06-00000000FB01}62365552C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.405{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A976CE3C85314930E0484C957E449FF4,SHA256=B1878785231BD1A381F046FD10FF1C46F94F408491586E7FE7F68F084A69FA72,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.358{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B8C-615C-4C06-00000000FB01}6236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.358{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.358{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.358{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.358{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.358{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B8C-615C-4C06-00000000FB01}6236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.358{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B8C-615C-4C06-00000000FB01}6236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:40.359{6EDEAD03-0B8C-615C-4C06-00000000FB01}6236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000030669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:37.651{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52109-false10.0.1.12-8000- 354300x800000000000000014706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:40.157{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50389-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:41.699{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEA713AEA2E9B9271430933170D6585A,SHA256=D55F49C8B1F6E826A1BF3169DE3B9319FA1224BC721C14E98B1EAD62424DAAC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:41.890{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45BF11238526AEEA809B2FE61B637527,SHA256=DEDBE6F05E7287725F7DBDC5941CA9E054302001C5C29CC576A15A0E3EBB6195,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:41.674{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-063MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:41.437{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=123A0C19C3F48DC4498A377F46628C20,SHA256=0C2D46BFEB5C0F371CD6EC52E4FDEBDF87DAF67DB9348B4E5CF1249611065F6B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:39.191{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52110-false10.0.1.12-8089- 23542300x800000000000000014707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:42.699{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CCFA0D9A48EC6206C1FE9F26EC03E18,SHA256=DD632BF45205066453EE4064033121B230389AEF8AEB041F0DCC18F07A161DE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.673{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-064MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.531{6EDEAD03-0B8E-615C-4E06-00000000FB01}61966200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.437{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAE975A4940062762FFD2D65E4A1BE1C,SHA256=CC2C4D1A56406F782DD9F282BAC3A743060B03F0CB0AA6906CBCF81BC88F1F58,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.390{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B8E-615C-4E06-00000000FB01}6196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.390{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.390{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.390{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.390{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.390{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0B8E-615C-4E06-00000000FB01}6196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.390{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B8E-615C-4E06-00000000FB01}6196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:42.391{6EDEAD03-0B8E-615C-4E06-00000000FB01}6196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:43.715{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27FD9F55D0C2F5FEBBF6BBC2AD408BF7,SHA256=A6EEC1723F4357B94091FCB126A7E5CDE572FE283B721DDCA6728A6B104CA648,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.783{6EDEAD03-0B8F-615C-5006-00000000FB01}67684688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.611{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B8F-615C-5006-00000000FB01}6768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.611{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.611{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.611{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.611{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.611{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0B8F-615C-5006-00000000FB01}6768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.611{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B8F-615C-5006-00000000FB01}6768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.613{6EDEAD03-0B8F-615C-5006-00000000FB01}6768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.440{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=511CF90208F534E50B095841BD984556,SHA256=A85C42BC0F189B854CDD4423A6F0884B27FD42001898589D80CC94E1D1F5C1BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.393{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=06D3BF2F34FB1A41ECFC9788179FF757,SHA256=D8396C1383F4E112C57F7716F8E6B8E94F42FD296E9B97E89A16C12CDC1B9710,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.221{6EDEAD03-0B8F-615C-4F06-00000000FB01}4196292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.061{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B8F-615C-4F06-00000000FB01}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.061{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.061{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.061{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.061{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.061{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0B8F-615C-4F06-00000000FB01}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.061{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B8F-615C-4F06-00000000FB01}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.062{6EDEAD03-0B8F-615C-4F06-00000000FB01}4196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014736Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.996{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A73C4A5A3610E772193E488E3039BC6F,SHA256=D1595765EDEF04E2A2AC68526D3F21E96646715EC4B89AE107FC8B6683933B18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.752{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5683711060CA09FEB24507D9C6C2329C,SHA256=058B8B182FC2A8A94B8547D20FF6C9AB960C4B7FB7EFEAAB1693A9E1ED987949,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.455{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=973E2AE0F95F1238DB549AD0425A009C,SHA256=AC865B792D703BB1360675A73BFA338C519EB37DD170E70B34B374EC311787E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014735Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.840{49C67628-0B90-615C-6F02-00000000FC01}24843404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014734Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B90-615C-6F02-00000000FC01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014733Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014732Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014731Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014730Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014729Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014728Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0B90-615C-6F02-00000000FC01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.699{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B90-615C-6F02-00000000FC01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.700{49C67628-0B90-615C-6F02-00000000FC01}2484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B90-615C-6E02-00000000FC01}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B90-615C-6E02-00000000FC01}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.199{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B90-615C-6E02-00000000FC01}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:44.200{49C67628-0B90-615C-6E02-00000000FC01}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000030732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.283{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0B90-615C-5106-00000000FB01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.283{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.283{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.283{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.283{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.283{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0B90-615C-5106-00000000FB01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.283{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0B90-615C-5106-00000000FB01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:44.284{6EDEAD03-0B90-615C-5106-00000000FB01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:45.580{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27D186D7AFC55B1A8F93A4E68415E542,SHA256=55D3B69140CF247D185C76E8A221B7FD5FB9642AA25F845C0BECF9E0625E0431,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014751Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B91-615C-7002-00000000FC01}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014750Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014749Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014748Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014747Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014746Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014745Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014744Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014743Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014742Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014741Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0B91-615C-7002-00000000FC01}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014740Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.215{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B91-615C-7002-00000000FC01}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014739Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.216{49C67628-0B91-615C-7002-00000000FC01}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014738Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.199{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FB6100538B79A419EF883087258321E1,SHA256=A824445C5AD544289AF37AAAA531C9B80BDA4BCC8FB8355FA74AEBF4776E2727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014737Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.199{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5CDA19EEA46E5128E55E0B22C4B859C2,SHA256=D03A27346EEF6F1509CFD590665E93EBAFB58DF70B6C23939F0EFACF21F57777,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:46.611{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EDC010D0956055E068A0D34A449A275,SHA256=7DF5E8AC4426C591AC62D5109315A1EFF33096921DFD4B39942AA38282FDB9C3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014768Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:45.220{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50390-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000014767Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.480{49C67628-0B92-615C-7102-00000000FC01}35121996C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014766Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B92-615C-7102-00000000FC01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014765Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014764Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014763Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014762Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014761Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014760Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014759Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014758Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014757Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014756Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0B92-615C-7102-00000000FC01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014755Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.355{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B92-615C-7102-00000000FC01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014754Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.357{49C67628-0B92-615C-7102-00000000FC01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014753Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.230{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9ABD9863E6DC96B0D3465F9A75305673,SHA256=84A060124588172EE1D16013D3C32524264C0DCA67CD02A5A4549F679E624061,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:43.630{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52111-false10.0.1.12-8000- 23542300x800000000000000014752Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:46.215{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FB6100538B79A419EF883087258321E1,SHA256=A824445C5AD544289AF37AAAA531C9B80BDA4BCC8FB8355FA74AEBF4776E2727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:47.643{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33B825F30F3D5A3176A58A41F394D092,SHA256=310975AE117E8048628E685CB6DEBB7C279294C9E2A7FE409269D0292F9CE41A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014771Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:47.855{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014770Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:47.387{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5DC8FB6F1EC4671BED15CAAA0CF4CEED,SHA256=EE94CAC18059D48741AECCC3952457DD0233063D060C9C2FFD88BAA0DC0E3D13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014769Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:47.324{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD532406064D9B50BF9C507D201439C2,SHA256=232AF185EDAFD3454B24E0DF4B6B39A7F09519380C7F8C026CFE819D629D5A83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:48.690{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CCC25DE783665965A55E0BAD148D3CF,SHA256=DC0969050C2D8D91BABEA3F2D2DD8F846E88F76741333E6BF569792D31169AF7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014800Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:47.892{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50391-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x800000000000000014799Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B94-615C-7302-00000000FC01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014798Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014797Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014796Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B94-615C-7302-00000000FC01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.949{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B94-615C-7302-00000000FC01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.950{49C67628-0B94-615C-7302-00000000FC01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.480{49C67628-0B94-615C-7202-00000000FC01}27883028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.340{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CB53A58B01A73A80249059DAD29F696,SHA256=39FE96BD24A74E4C9E50696FC15C399A9BEB57ED8DF7E04191409E630E9D3092,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B94-615C-7202-00000000FC01}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014783Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014781Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014780Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014779Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014778Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014777Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014776Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014775Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014774Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B94-615C-7202-00000000FC01}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014773Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.277{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B94-615C-7202-00000000FC01}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014772Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:48.278{49C67628-0B94-615C-7202-00000000FC01}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:49.705{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F26C35386501F374D4F17E503BCB793,SHA256=F13E7C4BF74273B4D2D9EA5ED285580CFA3C303344D138F21BD000452A69C778,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0B95-615C-7402-00000000FC01}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014814Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014813Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014812Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014811Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014810Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014809Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014808Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014807Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014806Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0B95-615C-7402-00000000FC01}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014805Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.621{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0B95-615C-7402-00000000FC01}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014804Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.622{49C67628-0B95-615C-7402-00000000FC01}876C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014803Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.465{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84180CE9987D05C9FFC39C78B71FD492,SHA256=90EA0D8BE872955C38E502B95AD383BA800EAE705D18975A2E2B7FF0893D183D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014802Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.277{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75E026E3FDF4693F4EBAB761121198D6,SHA256=7AE251A0CF570F18F3B5B00F2433006197CDD915224BD393DB0BCFDB0265BE73,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014801Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:49.105{49C67628-0B94-615C-7302-00000000FC01}40083852C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:50.721{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAF95E15BA0CDDB561199554411126C9,SHA256=CE47FB8C04C29BAD26A2AB2E51C401A90EB532A24674B2A9B85B4A7958BEBD65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:50.730{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=73FD5F869B09D04913ECA0C8AF371028,SHA256=78FFBC1B803179AF9A1DEB176F5BA5E4E71C986EBF9DEB1AB1BEAC457EACA246,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:50.684{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D70755422AF6113BB809E8CE4AD78640,SHA256=1ADB2CE44A1BE8135966C601C2F2A537020AD41F56C7232067B041E54E8F75D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:50.674{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=4A2CB337F2C8CC18B38A3264DDF05D93,SHA256=36DC11DEC64871EC1CB36D50D4AB90313263B4C67731C9F27E4A68187A0751DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:51.746{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85DE1896D46E8729AE0BE2AAEB820FED,SHA256=C3034B67AC0C02BD50CA9B768245882BBE00A1A9A8B09AF1B99EBBA1C8A7B116,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:51.736{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33FEF0850C7F055E84160C8A07F1816C,SHA256=4F5EDE834DE3CBD5F17017137F47827B7455A4FBF76E300DBF1C03DF17BAF7EA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:48.802{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52112-false10.0.1.12-8000- 23542300x800000000000000014821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:52.965{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=228370CE7767582C7EBE2B5FFD117A17,SHA256=CA60510855B57C444DDD3BED553FDCC632190EBA4972AC959F1C94800F7B4085,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:52.752{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D18F77ABBAED402CE83AE3EA014754A8,SHA256=B48711638325E92BC7BA339BDCC59B246724BA389B923480BA961D7362E660FA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:50.282{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50392-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:53.768{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15557A735737CAB3761487D6C4852DC1,SHA256=39AA1A8E42FA039A91BFC302F1F008B15376A18856374895807A57C18E5859F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:54.783{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D97563281DEF5701870DF9130DF1FC9,SHA256=068A2329E92EF2D1520B5616F5D22000D38433D5C006D8FDCF35C17A6D5DABD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:54.027{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=751FE0BED60B4F2BF8E57EB5A99610BA,SHA256=1DBDFEE528E6B693DA72E6316C899F1BE43F9A0197B41AD2C0419743C33B0BE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:55.799{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F24534AF1E096EC9BA04F540228F687A,SHA256=67225CA8BBA1E7CD6FC3558E63FE8D924F4094EB0201F9366154912AFF5F4F5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:55.231{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AE6DFAE10D743533A441229BD51EABB,SHA256=C30083BC64E78171E3096043AFBB68D8BE29102123852CAFF75616EEC6E0E938,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:56.830{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17C3CEFC30B867953F40A9B016D08121,SHA256=9CEB52212915EF88BB3360D9B72B986366C6C32D2D85D833E1B45DFD353B52E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:56.449{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AFF03FAA1119EE316497CC9F80B4D2F,SHA256=BCDBD5916BA77CDC08F6E9419654A005292135F8554BE6B93AC8CDE9A5B94188,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:53.802{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52113-false10.0.1.12-8000- 23542300x800000000000000030751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:57.893{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25D07F39913FC8E25FEA2C4E62F71F6C,SHA256=4499533F0E440A288404A24511751B4C9B07553146FAA0B86F9D5BE494FC32F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:57.652{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7998D5A723C022CE6815AF449EBC9749,SHA256=85D5628FFDB69C485FE8228200171BCA1F7E4E14FB7ABB33E28D6E1C9C3FA51B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:55.298{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50393-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:58.908{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=911FD21898C794BBB834361079FF7A22,SHA256=184021E4C720E6586F47477B7C8A05C4B8A8FD4DF29DEE30CF6F8E1D1051945B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:58.870{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D53330B2B466FABBEBB121A3EA14923,SHA256=BFEF6DCA22100372970DB6F34A2528899CA0D50CF0F5EE17274DA8D9A02E31FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:59.973{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0456221CDDB14615531242B11DF44707,SHA256=4805099D2AC9BDC5F009D00517AACDA0AA296BEFC60056D35BE1AF75A4CE7B13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:23:59.925{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=134AB34BAF6BB75F5D8F684B152391CF,SHA256=F7D9C788FDA6F14B185A7E7D1C589B04C2689F7C3527A435C1D5A3861DD906D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:00.969{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDC095F7A0CAFDFA549B722E0A54EBFD,SHA256=8A2DDD14215DB4A693BC57144CA6FC1C51A4DE2FB022935A62D03C6AF2E346A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:00.989{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDECA5687F13CBD3997F7F80166105C6,SHA256=1665C1BF9D929BCF7B9196715E396D82C7A16A5719496C99209BBE6B172ACE3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:00.362{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-056MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:01.989{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BC7511A79ED7826BB1F7907A5608EC8,SHA256=8E3602319F0BE08D4A0CC3E6E51AEF06FD565B76497C55FFBC54B7C7B36F2C5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:01.921{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot.old\snap.datMD5=4BFF87CB7C30E8E90CB3F91054D97E7E,SHA256=2358C5E2FF42E546A45310B8992C30C10BCCAFCAC1F3A029917D1706BC21B8C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:01.921{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot.old\btree_records.datMD5=EEDC9FF5E7F2D31913516146FAE86984,SHA256=C6F32341DCDE294EC4991D149566D83CE3797A32BA440A8045E1A87E17F1B7DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:01.921{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot.old\btree_index.datMD5=7657411E92B17ADBBD955B4BCD36DE67,SHA256=7703B0A9147988CAC10DB625BE725FBA67D72DFB0B2FF0532C6BC0AD67F6166F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:01.375{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-057MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:23:58.804{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52114-false10.0.1.12-8000- 354300x800000000000000014836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:01.083{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50394-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:02.187{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=394AB6626240DFE860A1E5BC81D17368,SHA256=CB852652C8740A0DBDA6A5300D3631AEAFD039DE106AEBAB0FE702C07CE41B83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:03.295{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=715C4F10FF4797DE7772E36EEE2BCC18,SHA256=65B12153434F536C85EC598C82DF56FF4977B63AB6F773640692B3A8BF7DCB25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:03.020{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EB3C3B91B02A6990DF04C03DD938B49,SHA256=C58236468DE62D52CD551D5AAA7F76F6F777A25B57372021D2CA9DA478305AD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:04.435{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B86D8BFAE2FFFA374B6539FEC0A480C,SHA256=86FAAF014E0EF726FDEFD9878D6070209D91700B5A871F061F442DE6F81D47AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:04.036{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1E3ACEA623F70A0140A510411476E62,SHA256=561C23C0F2D39D1B94CC578853ECA0BB82CE4AC0A61ED68E1A46231EDAA0C4AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:05.497{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E150A0959B021E23D58A7C828621030,SHA256=75C94AE68B64FD40A1079E6156416A58BBF16B2899F3E6A31D3254F18121E4A2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:03.851{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52115-false10.0.1.12-8000- 23542300x800000000000000030759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:05.051{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2134607B50217053E268AE93604040D0,SHA256=9AD212149F1DC2D38775AE097CFC24F87B93B4D8EA3A17F2C8062862FDD5027F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:06.606{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC2944340FCE45C2E094CAE518FF81E6,SHA256=1A9CCE99134356E12BA9BB25DB83C2640D97294D55FE80F34DF2FD3CDB7EE6C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:06.051{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B858A2A539713598628001A84DE83CA,SHA256=0004ABA80DC338852596A39D1A32138E4AC29CE3FEB1BB5D4D4033106C5C9ECD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:07.824{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B000272F54E20B8D99E8C1DD30A0C506,SHA256=076E711B451ED602C21C372CEC818E18BED9832BA6DBF607ECC9A91E6212131E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:07.208{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAAA7696B9D4AF6E3E85B5464FDFD8D7,SHA256=9755F1F34990CE48DE7721BAE8B41CD0E5A961AD383347B6C88EF354FBE40A8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:08.902{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A53AD7C240F2B32EAD36884D96214185,SHA256=4B4A617D5B8EE8DBCA37A78D3096D2683F6B39F17A46EF1D5C9495BCEB490741,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:08.348{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=022C22AB75EDCA639CEF25EB75F07E13,SHA256=59F59CBB057101E6AD90A380436D7EB26ECF7F90B1F2BCAE19176088AA318FEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:09.917{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E08916A0E4DF8C5F0509AC202F22EA7,SHA256=24DCFC382006BA8F797018508FF867C908588230A4493D394DB18A50629BE4DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:09.473{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D1F980FB8F981FE4234DF4B4F44AB0A,SHA256=77CF0437137DDB923472FAA198765A696AB836220DC70BE3934173C1AA33DE48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:10.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10767836AB84A0B0C68DF66DD6C6A750,SHA256=0C7638C894B849C9666629C8523024856AC78C15994E30CD6E2FC3AB09BDCB4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:10.536{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B14440A08344727822E858C6A2BBCD9,SHA256=69B7B61364F763428BFC8C06412D6A1FF2EE67C6CE7DB247BC8EA55B43018D98,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:07.142{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50395-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:11.676{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D4B39A0841A0494FE87AE82A122320C,SHA256=82F70661ECC83E9C5A77E7972ACD7146AB6671CD02A91C6F15BA7DBCA45ABC0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:12.692{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=692BBC7C49B1E7BFF99989B9AA8C50E1,SHA256=EBCD1C82EE99A0ED2052466AD4DBEA2EDCE00F5BBB63AC30AF861B3BEFF026C8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:09.742{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52116-false10.0.1.12-8000- 23542300x800000000000000014846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:12.072{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1077A8E92ABD8C6FAD5D7ADCC8984BC,SHA256=0ADF42FE600E8D4239C241253DB43F6484DEC54607D51EF960228C91B8C1E1B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:13.306{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97ED4025E30AAD91DB319C6E903F373D,SHA256=7E0E049CA0DCBDED68BF9096E2F2E0553A4C51F5A1BF42E1E21CFF608851E0F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:13.692{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D3433CB1E80F08E5EEC186BD5909155,SHA256=F954BAAA255B343BE59530C92D6B649E4A9E1C30AE3E9711949D6E6EEBA17A6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:14.539{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79576BF8B343BA11CA033218BBB1D286,SHA256=9BBAFE1A50F007F0770962155185F664A8A2630BAA212DB3E645896B0819B5BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:14.708{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B5A2B83D096CF3A37387CAE19A09984,SHA256=F639556E6D80DEB83933DF10231311E4431185513E96FD9B2808BB522678ACB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:15.633{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF4E5581AE06AAA184C9F596BC5CA784,SHA256=924AFCF466B33E4347B37C4E333CCDD458BF44BDE02BA612556059EEA3F057E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:15.708{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7854D6DAD71A4CB80625B317CA8FFAFC,SHA256=5ECB294338CF72CBA90D3FC2FAF2E8DF69D936CDDD6EE5637EC3F5DC9096FFC4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:13.155{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50396-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:16.866{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF528C9FCCEE9E6B4165725B0A1360A9,SHA256=3323B341506412BFFA0EE33320B182472C17535514D0679924163225456360A0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:14.742{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52117-false10.0.1.12-8000- 23542300x800000000000000030772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:16.723{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E886A4028911D2F8307D7B0860B75968,SHA256=912BA7182B55659D4C2C8AB999C99D1CCACE49B5972532A14ABD826CEFE584BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:16.258{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52118-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000030777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:16.258{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52118-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000030776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:17.723{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F8363D0F7043E20AB156C5F32F3654E,SHA256=7B0E14016FF0BE5E848844F00CA51BEEFB95DC01CFDEBFE256E0A34C77A01B7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:17.676{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96A046E3B7D956C7BB9E94FEB9CBF5B3,SHA256=6F8232E326203A679CF5966CC39C2A2BBABB47B6397A27EE14C5B5283D57CEB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:17.676{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CD3388E9808D1BD7285565DC62B95F97,SHA256=6ADA71BD1321755ADAF928F302374C57B8545FD22FA8168D94483AD056A133F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:18.739{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=024109B43E1B3CD2DC39E4FDFF213FAA,SHA256=260397CFD8867D140692E2421359B7534E43ADF67FBC50A64DBA466E4432BA43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:18.100{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26F44FB4628E13F4040300EBF9550E5C,SHA256=F306C0EE68D62CA8D2C2C8312BAD3EA22D2E4690E9F88ED303273EEEF9EA32C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:19.742{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E715493E676DD824E7DEFEBE98DA85B2,SHA256=A1947F459C7C6D9C89C3790607E1ACC02A56B0C48B1F3963852FC7A56DBBD947,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:19.160{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=981EB62308140A37372126DB9C50CC3F,SHA256=C1ACBB75E9CB9659F2E087C3DFFA085F6EC83818404BEC15816C0096F45B2735,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:20.757{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A75EE87473D1A7DB101E1480031D05CA,SHA256=F6CCFAAF6BAD6E7D9B85B76FD20FCC82A3E921D223DD5FA86785EA271B38B82D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:20.380{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B137FD0BB4BCADE0D0CB691DA0F86FE3,SHA256=9FDC01E37DF2C64C220E3707CD189667D82A083715B20D91CE3CC46A15ED2A4A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:18.231{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50397-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:21.757{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6C4A0E8680A54BDFD6502E8DBD22BD6,SHA256=5361D0A2598AFBA4538327C46917555A532B9BE819139B45FE4EA44F4BF5C160,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:21.426{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0D48939B25F645439333738650C4450,SHA256=948968478442D3F227150C15BE0D6A4B1DCBFE8C471D269F694F19B34F1CECCB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:19.839{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52119-false10.0.1.12-8000- 23542300x800000000000000030783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:22.757{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E082A75A5024D846CB7F2C14AEBD283,SHA256=A0EF731552A04506878E92F998A05FFE7F9F789CE3AB9D13ACCD36139069ACFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:22.660{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B55F259014DC8C0078F4BB6B8829EA53,SHA256=8AF9CA1890229911ADD2EDDEEA052C7A409ECD912D5976E1A7E52B7CDCC5A148,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:23.773{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5806CA11DBF32884EBAAD502E57B939A,SHA256=1EE1C2C741397CBF17CB417EA69AC6EB11FBD907ED17E65F8D13516CEAF6D459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:23.801{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E96F363C6E674B660CE6B3B2F5ADEE88,SHA256=5FE6236E2E01B7D12CB64104EA83EB65D41F33FF0566F0965F31116156504085,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:24.789{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C74E2B328AE92B403D2CCC09E89BF3FB,SHA256=48CAB839B35A71C3434D14E44A65622DD5D7319692C1B7B4203801774884E9A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:24.973{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44666961D0A2C08C9CDE9FACC7C8C7B5,SHA256=AFFB99C4505BE1496A8F4BB0CCA3151F7113642A06E5C2B4F8087417C98E153D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:25.804{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9898501CB87250A103FEC3796B8EFADA,SHA256=BABCBD2D68ED4F8E112DB55693AD8D8B77BAFDF3B1747D252FB52FB2D2B1EAF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:26.820{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71A673D538767C2997E4025B4427F19F,SHA256=6032CA8C9B8AD32B4B33E6F16A71C0D605FDDFC1FF8FF4EE7A3B7E9E9D92247F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:24.259{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50398-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:26.066{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82C8646F75550E82F3709A13E87F5B56,SHA256=5E638965C44DF6A341E2F5AEAA8A2036ACAC7D55FDC8678B8878DB63F4589325,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:27.820{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=366AA26087502955216C6F2692A473A8,SHA256=003BD928C42DDA3BDEE53FFD42C9600F5768A5B5271781184A83CE35B146070C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:27.254{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=351C41004B626982D18524667F832C3C,SHA256=12C81D0E96EFC168101976F29948F70293450CEEDB32C50DDCA80CA9BDA8BCA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:28.820{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85ED1435AEED2E288A3BAADA4B9DB856,SHA256=C804FBBB15F39CDB5D5CC44F69B9D47DBFC3E31B0C58BE9FE186D234B2E71915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:28.269{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F16B247B195E45D24167C921EB7AB80,SHA256=DF29F81A96073F756C074EB74A9F216732690F23C5F33FDF6755F20762733832,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:25.792{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52120-false10.0.1.12-8000- 23542300x800000000000000030792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:29.835{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F77F1CD85F22406A155CD8E6ABFEFB01,SHA256=25932AAD1C975DACA1ABD845B0F34A77F79B066143666B845A97328889C15AC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:29.285{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55866F0CB8D8D68343C4B107ABD5ACA6,SHA256=61BA9D4F130B5774727D8FF9D4D96C216223F5E82B6E474B3B3E57A3416D86A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:30.835{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B59549DE2D1F6881710C28A15D91BB6C,SHA256=3F7A1703216C8E41277FFD7E2245EF70D3BFE6870F8A183DFE62714DC945FC12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:30.300{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5196F6CEB2F3C5595C361D7646224BBE,SHA256=7498AC8726F614A6091EA154F0CF32E392D837B4F94B91D32035394D733B521B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:31.851{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15E491D468BA5EF784515256FFAA9EB9,SHA256=EEA0DA2774A7B9AC550DBC397E114226DCE22832678EFE4193AAEA2F45463D20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:31.316{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9EBF6BB5384143761495C4E7860F32C,SHA256=C46DE8D2B544F563926AFEC8D49799D78AA4530108783DA34DBBFDB23D57A95F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:32.851{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D62F70FD622CD1D8B39D67D53AA4613D,SHA256=DBBBDD1CCB563E2F79C0A1760EFEA89977C33E2A60D590B0A9C01AB524076083,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:30.150{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50399-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:32.488{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=3CB4AF9BF019287FEF6D8BC332311323,SHA256=552261A5EC1A0C7F3416A35AA78BD7E67674375BCEC9CB885898E381129398D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:32.394{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5AAEF49A0B32FDEB279E2BE86F7D858,SHA256=06F41DE9C49A7868F620449B42D78DA5FF5F7690948C9F184674A68542D1F542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:33.851{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1832C2C63E18BD35BFB2206D2F85628C,SHA256=277431C44FECFF181E0E0E8094F07742C37DC40A7E54969F7EE9C3F5C7BC843B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:33.628{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0965372C786072E3556D12D09ABAC511,SHA256=E4603D727B52BC61F783A7B8122D3262A347B56B57E0D9D714010D8622E9A5DE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:30.792{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52121-false10.0.1.12-8000- 23542300x800000000000000030800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:34.867{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB82BBB09061379A45BDD832DA87F4A4,SHA256=DBCE9762B04CA761103B58C52B9D2CDB25062ED65FC4C34ACCFD511B1A6E7B39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:34.675{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CFD4400EFB1308FD5863937A48B7FC9,SHA256=6EB7631E6FBFEEC29D306D9D471E18FE68C2B9D2838AA05DE2E1255C3D8D8D40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:34.367{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1DC749111318EFB79BBA10108087D0F4,SHA256=09720B9F06F781FEF8582FB35E439DDE54F09B39C850D735FC9FBF8F5903C4C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:34.367{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96A046E3B7D956C7BB9E94FEB9CBF5B3,SHA256=6F8232E326203A679CF5966CC39C2A2BBABB47B6397A27EE14C5B5283D57CEB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:35.867{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75EFD79FF89ED616CE2518CDEFD6ED32,SHA256=ABDFC5CC824AE7AA7A451C4E3E935DDCDBB7F19C0C175D1320462B75E86C0ADE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:35.816{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB93A69FDB14B8E9F658D5531E56C761,SHA256=B1441E4B958C3C69233F314B6EC0A4DF050FEC507BB96DF2539387ED6D21CDAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:36.972{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8204D00A32294C969F79A675821CAD04,SHA256=8B5EE03C1A9D25CA33F22199A02DACA05DB2A7C02042558E134CB75B163A91BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:36.882{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=675FE447A39850B5DD28A5B0DDFC47C6,SHA256=816867A49CEF45FD255C393D334C75961A4F7CFAADC90750A7A48606CE5350FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:37.898{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04F25861BC31D14D583901EEF5B96F53,SHA256=DE20D183E8E83B8037DA59A81ECC68B23884FB5CC484C95A25B15817B62CA992,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:38.898{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78E7F0250B60732647699397210C6A33,SHA256=ABBA9CDCAF6E04288A464FF6D177EB9410C46130D646B018EE2256AAAE1D65BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:38.097{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F1232702042471C73BE390753AF5E42,SHA256=0F5192DADBE6E5EA5FD90537539F2E46F0CC9B25B251C5AA9B7CBD55FFC18F7D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:36.792{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52122-false10.0.1.12-8000- 23542300x800000000000000030815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.902{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=833DEFB4D5202398B9939EC8ECCE05A4,SHA256=70D53B6DC85653E4F374892863F4C985E21C4CE513DFC820600D511FE0A354D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:36.134{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50400-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:39.227{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83D1028104F778FFAE5A19D7A5785E1A,SHA256=82313099C20426A0A5C92C7C6660F54ECDEEADCE55DBBE36239370E8D3597E04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.637{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.621{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0BC7-615C-5206-00000000FB01}5168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.621{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.621{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.621{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.621{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.621{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0BC7-615C-5206-00000000FB01}5168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.621{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0BC7-615C-5206-00000000FB01}5168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.622{6EDEAD03-0BC7-615C-5206-00000000FB01}5168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.902{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=829C87E3A2A2829732A73778CAF952F5,SHA256=E9BA7CF9CFF31BD86C6F50FBB152101C435E6FCC30BB546169E36BC3C0415FD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:40.352{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=758257523DCF5F2AC80F643A101FA799,SHA256=04E13E491276709B134A0C69F89AD49967791FF5ECB8B3CCB10A5E094454E81A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E243E22051E5317587D6D17367538A1E,SHA256=830EFAE6AFB0F042C6BBA241C59E54C5195AF45777A509F8C52F16B31EE34369,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1DC749111318EFB79BBA10108087D0F4,SHA256=09720B9F06F781FEF8582FB35E439DDE54F09B39C850D735FC9FBF8F5903C4C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0BC8-615C-5406-00000000FB01}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0BC8-615C-5406-00000000FB01}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0BC8-615C-5406-00000000FB01}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.856{6EDEAD03-0BC8-615C-5406-00000000FB01}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000030824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.356{6EDEAD03-0BC8-615C-5306-00000000FB01}59846372C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.184{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0BC8-615C-5306-00000000FB01}5984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.184{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.184{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.184{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.184{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.184{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0BC8-615C-5306-00000000FB01}5984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.184{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0BC8-615C-5306-00000000FB01}5984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:40.185{6EDEAD03-0BC8-615C-5306-00000000FB01}5984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:41.462{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8A6B636C28645B71050A8D68E9A6CBC,SHA256=2A127BE9C124CED4A0434311FB654579138CB45CD9C0D4B451B7A8D56747A490,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:41.871{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E243E22051E5317587D6D17367538A1E,SHA256=830EFAE6AFB0F042C6BBA241C59E54C5195AF45777A509F8C52F16B31EE34369,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:39.218{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52123-false10.0.1.12-8089- 23542300x800000000000000014879Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:42.649{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CA2DC3E56CF5BA3F9A7E3D0088480D4,SHA256=5542D59826A48F41BF5F83E07E1E391DAECDC59842BE1ED1E53AAB292B104648,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.606{6EDEAD03-0BCA-615C-5506-00000000FB01}43846400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.402{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0BCA-615C-5506-00000000FB01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.402{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.402{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.402{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.402{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.402{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0BCA-615C-5506-00000000FB01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.402{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0BCA-615C-5506-00000000FB01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.403{6EDEAD03-0BCA-615C-5506-00000000FB01}4384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.027{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57E37DF2D21983A8EC4598A037632EAA,SHA256=B2C2B6214940E2206C81DA271B89E8238DECD05AEF158A553919DC9C9833D5CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014881Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:43.790{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=720438906F1BC419C227C25374D0E801,SHA256=6F14DF34E67B80A4F3328AE451AC2961087D833452C073E642ADD3C7809F00F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.874{6EDEAD03-0BCB-615C-5706-00000000FB01}49324748C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.702{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0BCB-615C-5706-00000000FB01}4932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.702{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.702{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.702{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.702{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.702{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0BCB-615C-5706-00000000FB01}4932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.702{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0BCB-615C-5706-00000000FB01}4932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.704{6EDEAD03-0BCB-615C-5706-00000000FB01}4932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.405{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6028FF736F34120821A6976DAE6DF77F,SHA256=33E1D11EE4A56D5B1A817793468FD797A4059F46CED6F5491E9EFB1911DCC4EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.233{6EDEAD03-0BCB-615C-5606-00000000FB01}48966592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.214{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDC353EA28D7271760801EAE28E75035,SHA256=0E62FB9B9266F739812E03C08C4BA921F83A6FD76339F4815289FA8796F079C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.205{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-064MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014880Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:41.154{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50401-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000030855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.076{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0BCB-615C-5606-00000000FB01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.076{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.076{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.076{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.076{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0BCB-615C-5606-00000000FB01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.076{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.076{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0BCB-615C-5606-00000000FB01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:43.077{6EDEAD03-0BCB-615C-5606-00000000FB01}4896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014908Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.852{49C67628-0BCC-615C-7602-00000000FC01}31643228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.907{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8E907CDC66284F69FED90F0BD977848,SHA256=65B811730019B8C2507942CF62023E823DA971F4EE960C87DBF856084C99ACF2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:42.688{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52124-false10.0.1.12-8000- 10341000x800000000000000030878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.325{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0BCC-615C-5806-00000000FB01}3388C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.325{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.325{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.325{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.325{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.325{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0BCC-615C-5806-00000000FB01}3388C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.325{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0BCC-615C-5806-00000000FB01}3388C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.327{6EDEAD03-0BCC-615C-5806-00000000FB01}3388C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.279{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=186CBF0569B3B12CC4D948279A67AB91,SHA256=9CD3C1AD390D18631108771B79D26FDE5805243B1C9F9EC8DE5E39F5E8C5A562,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014907Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0BCC-615C-7602-00000000FC01}3164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014906Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014905Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014904Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014903Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014902Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014901Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014900Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014899Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014898Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014897Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0BCC-615C-7602-00000000FC01}3164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014896Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0BCC-615C-7602-00000000FC01}3164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014895Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.696{49C67628-0BCC-615C-7602-00000000FC01}3164C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000014894Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0BCC-615C-7502-00000000FC01}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014893Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014892Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014891Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014890Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014889Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014888Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014887Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014886Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014885Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014884Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0BCC-615C-7502-00000000FC01}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014883Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0BCC-615C-7502-00000000FC01}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014882Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:44.196{49C67628-0BCC-615C-7502-00000000FC01}1252C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:44.203{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-065MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:45.344{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6ED9BEF732C9D43BBF8AB6D4EB03E090,SHA256=44F352D5504D8F8135D5A28ACD28623CDCA3EA639B0C062E9912D22BA99BF627,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0BCD-615C-7702-00000000FC01}1764C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0BCD-615C-7702-00000000FC01}1764C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.274{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0BCD-615C-7702-00000000FC01}1764C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.275{49C67628-0BCD-615C-7702-00000000FC01}1764C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.243{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=56D9C3B7345894E3D8CE4ABADE04667E,SHA256=4D98D443A0F514BDEE949D649710A75F345F07C54A9146278846096B527BDCBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.243{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6519282CE283C6D0E8685CBA5156DA05,SHA256=01CFA0C1DD863D7C07E6B026DB0B647764689A1B8B4C433BAC8D81EBF180853C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:45.055{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC86408B3471F7A7EF4F24A88C9731E4,SHA256=9F77B8CE30EEFD6580013BC6A1A3D716646A40DC2984FFA9B552250957FD7E68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:46.360{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58E6CC7A0D86BFB1C5E23A434A2DEFC8,SHA256=B769EA8B60647983FD68659D96952F75B60F75853D890125C9580CFE6C5A0A39,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.539{49C67628-0BCE-615C-7802-00000000FC01}5283412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.493{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=56D9C3B7345894E3D8CE4ABADE04667E,SHA256=4D98D443A0F514BDEE949D649710A75F345F07C54A9146278846096B527BDCBD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0BCE-615C-7802-00000000FC01}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0BCE-615C-7802-00000000FC01}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0BCE-615C-7802-00000000FC01}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.368{49C67628-0BCE-615C-7802-00000000FC01}528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.071{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABD649879482FD3E79267570407325C9,SHA256=A0A6C546C4C02CF7D0E8CAB49D3D32AF1D26CDE18FBEFF89E4743EDD1B44F658,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:47.883{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:47.305{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=708FC747773716AEC2ACD10EA34B49DE,SHA256=83013187A6D0F9388C27BEB4176E4824431393A3E1F2E825F69BB976491A3C66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:47.360{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEB322C82B45DAAD6598CB3EFA32F3EB,SHA256=72323D35A8E2A25955FDF7A73D71B50290066D116B5F420545FE250CA6398081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:48.375{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D35876C2B66784EAB60D7839C4AA561,SHA256=76B98BF2819A135C8BB6496A0AEB1C7F21BE171BD0A0ACCEC3C3015238323FE8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.946{49C67628-0BD0-615C-7A02-00000000FC01}19362000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0BD0-615C-7A02-00000000FC01}1936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0BD0-615C-7A02-00000000FC01}1936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.805{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0BD0-615C-7A02-00000000FC01}1936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.807{49C67628-0BD0-615C-7A02-00000000FC01}1936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000014958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:46.232{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50402-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000014957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.414{49C67628-0BD0-615C-7902-00000000FC01}23363124C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.399{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91BB5C702A6FC5BEF213B2A1DEF4D640,SHA256=D625FB2A209985B6564759019D3B51BB03B9C171332C88D816EF30E0318969F3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0BD0-615C-7902-00000000FC01}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014954Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014953Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014952Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014951Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014950Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014949Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014948Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014947Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014946Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014945Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0BD0-615C-7902-00000000FC01}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014944Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0BD0-615C-7902-00000000FC01}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:48.274{49C67628-0BD0-615C-7902-00000000FC01}2336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000030886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:47.691{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52125-false10.0.1.12-8000- 23542300x800000000000000030885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:49.377{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19422E54B6E3AA0E6D8B21B51EC6C0AD,SHA256=2DA425D05494EDC845A8789F1B0F3FC47970D285163708F2F178DB194429A8F9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:47.920{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50403-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x800000000000000014987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0BD1-615C-7B02-00000000FC01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000014986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9DD626E08C719C8FC9DEC8B41F8A37A,SHA256=7EE704BBF783259687CB4579F4D7CE2B003EF4661C05850B26CBE641ADD85596,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000014985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000014976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0BD1-615C-7B02-00000000FC01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000014975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.430{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0BD1-615C-7B02-00000000FC01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000014974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.432{49C67628-0BD1-615C-7B02-00000000FC01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000014973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:49.289{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=417D2FE42ED2AC02781BDF78B41A16AE,SHA256=BF29B2CB62F8CBFE151428B23CEA5A81DC22C549C244A7928EFBA024200FB3F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.766{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FADC354D5589C83FD073D5423A175AB,SHA256=A2AB626D9DF715FBBB2D6154466CBE4BBCC3D19C623A7AE7EFA49FCCF89D79C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.688{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=183713C22B20FC6C27F4CBD23E6A5431,SHA256=AB0967F1EEFC02984CC417435C55F07D8BCF656DD14CBFEE22A609681D4BB80A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:50.586{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9BB471CAB6C3D61F850686271E333DC0,SHA256=191830CE0A0661BEE396366F3FED7D21FB902B48916E9F14EAE2D0762B1D52DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:50.461{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75B46A5B9BB18CF96B73E5A014CB08E4,SHA256=BEEB7B8927328EDF5000784F348E09FCBC19D863120394391ABF07F3FF6C4E28,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:50.344{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:51.704{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFE3249376FBD5BD589563DD8B010A63,SHA256=6606CBD6ABDBFD5D6F986AE83AEFF36ECCB0A64A43C16837A07D0F994282124B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:51.602{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D57FA4DA99ECCEA815225649802B457,SHA256=AE64DD23C9DDBE9C4EE6FBA8D60D802D513B95853EB923DC82250993EE6D0354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:52.719{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EBECE93CD6E5E113C3DB1ADA2540E94,SHA256=7CAE8C2858D0522577608B9C2D79C64919643DD46C2102F0AA0B6D2545FE4BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:52.758{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47E99CAAA7BC55D7F1ACDA6F158C0155,SHA256=BFFA605D557B0AC012A1CEC0EB4DF423475D0C19805C103C676C8BFB45E0BB21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:53.891{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5AF01C98D0E58782DA4986C2816B759,SHA256=83FF54F8E258BE14FF7CA7AED070F6AA7BEB1538C95D0AF081D466A6811ED123,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:53.852{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA6AE5F0643A6F4FA80D9475BC1E405A,SHA256=959D87E2680A3744B7A12B07FC3D07CAFDD3AF2D2320659B87BC0149E8B9D9CA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:51.263{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50404-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:54.977{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=670799759C6BFE4CB7154079268B23C1,SHA256=899B51868D61FC47330C010141F67771FDFB427ECC56C2013DF7B65B12F1070D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:54.907{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76F09C36E203509F234D34A5E71E934B,SHA256=22F2C3BE9211CE28EAE5CBC85DF5E7DD32DE61CEADFEA237F0DEE03157687688,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:52.753{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52126-false10.0.1.12-8000- 23542300x800000000000000014996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:55.992{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4E0684818CD216F53B670FEC4AE89AC,SHA256=588CF89BDBA0272B680465365938C51D6812FA7DB20C1F8341C46041746E7243,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:55.938{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83E1C2E1E4E1873A57895D4D19FE9F4A,SHA256=3AF791CB57A614E503D3998ED5B58A0D6398DD224E23D8D7F33718FC130EDE64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:56.938{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F43A71F6DB65B1E10567853DB53AA444,SHA256=733C23329034148288DD6699E691FB9955EBAF3518AD2497F92C1E436A04DCDC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000014998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:56.279{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50405-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000014997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:57.164{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96C702A223A245E47299650FBCA8576A,SHA256=8674117AA218F48DB0A6B6EB44366A28DAF59A89D08B1F9B6F4C159D81038AE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:58.157{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=132CA20125318D7AF67F47A3BB131738,SHA256=C0990B5CAC1E477C914AC72E8466132EF1BB83DEC405C81DCD8D811DED48E778,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000014999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:58.180{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D1BFFDDA369C182BDD8799FB8F63805,SHA256=6EF35F7B4D3DE14A75DD6AF7CC8305D3E1E40D3F2EA5A63EA235C6DC06338408,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:24:59.427{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5895E3A0788033B188CB34B5D7F08CD,SHA256=04A7E9FB8D46BCC0F1260C6798170C31505C6C8F939BC23E26A26FE8F47A87DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:59.383{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B6D22DDE198917BC5B913E5E8F50E86,SHA256=3A26C786327199D8779C5C375B89C9ADAA07477D2EE84E1E2F58ED286A59605A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:00.489{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9C3F9A81FBE4CF28EC760FEC9D94957,SHA256=6D75C2D9BAF79B54C66F87C5B2CD56E62E0058D93E9021915C063722A7B987C0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:24:58.691{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52127-false10.0.1.12-8000- 23542300x800000000000000030931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:00.399{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AED738BEFD8DC7D10733BD46AF573F29,SHA256=98C7CAEF27CEA8459A0CACD2962CF47564BFBD8AD089272CBAEC276DF21705B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:01.900{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-057MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:01.554{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF6EEA3BA43FE132CDCB5F175636740E,SHA256=D87D87687DB664C545C5313B6B280346A9B7789E5CA517A02ADC8AA50F26E793,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:01.477{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2E370D04F893ED1C371A788109A64F8,SHA256=8729A839F62C854D16D0159726198FF1170D76F493887CBBB30AB414FC6E1E53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:02.901{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-058MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:02.745{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D6111C13BC46DB2125D4F74AE8B5019,SHA256=F01D4BEC8532564BF1AE888BA3BF6033278FAE198E672FEFB333D8C5F1DC8766,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:02.524{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B51B1FAAD4C935FD03F12ED4816D0137,SHA256=58E409E3C4E26B0C60E685407C9F3230492A92957B0C175FC11492506C40301B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:03.948{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66E1D212893244F725E44DB30E70597F,SHA256=E5976D286204E8673AE7A19406A8B1857DDA42FE8F9AE36286A93B0E84FAF43B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:03.774{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6893305A67D6DB9E1546FE2EAB0F48CA,SHA256=F0594313898421508E312BE49306E4A94BD697204EB0979C1C5397B4B74BEEC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:04.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E4B28DC64EA18242AC29233CE2193C4,SHA256=BEA3F2CDC5DC6DE74F068997DC25A0146696FA5F1C61FA30C8BD8F906E79CC9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:04.821{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C2778E6E06F6BBF97F518C40C7E5CC8,SHA256=20791C4F85E482B52D72D58A79CD490808A95611C82A8EB751593EE0AE4473FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:05.836{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53FBF60E50841FDA355F12108A14E4B6,SHA256=87224708F8DE8AD653DCFA33339D71689D77AFE47587FBC6B544F474F084A097,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:02.110{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50406-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:06.214{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60E2A2629ABD6568FAB2EFF2CDAEE90C,SHA256=7A83E5C37E9C49619E70D9169B774C868F64DD006B8945347C95AB54DF451E47,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:04.683{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52128-false10.0.1.12-8000- 23542300x800000000000000015010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:07.448{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACC40F27DCBA9C2C51F3BF7184657307,SHA256=0597FBBF1DB8E3A69C24CB25F4173F44CBFF5775655C88A7F15C34BF9E606E22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:07.071{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=543B770A906DD27C1E4310EE9960606F,SHA256=7D9E6E149166BB2AA604647829D91760EB9B9A8DF3138A1E18C69A593F49477C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:08.667{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11487AD4BFAC42517CF193AEE13D801,SHA256=A3FF867257AE4492CFFC1F5A5ADE3654668EA880B0F365815D9EC15363ECD65C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:08.086{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CD3CD068595CFB08DFA447C7E0CBD33,SHA256=83269C25F72C00E55D51F54A916299DD383D3C3A806F87726D693477B649FA21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:09.838{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA58B0F61702B985D6FB820E2FB6F9FF,SHA256=A3934DE169012D1DE66C865826580B0C3B2FE99F28310AA9E204F0A2E397C374,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:09.102{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60C667B723D04637633CDDFE6C10918D,SHA256=EA43E4774DD2F006FD9894A8D17830B14D2EB86968042C03182D1E973AEE89EC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:07.235{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50407-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:10.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C1C89F2B7D68D7F99057C44BE2360B0,SHA256=BD5DCB477461930E95C17E831774ED36DA4A7F9F24E8E7DE792E44824CF5DAE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:10.118{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A96871E91CD1FAA9087A77ACB7CB33BD,SHA256=B43855EE355DAE9CA7FC9157A49AEC829EE09B764AB0BE37BBB1AC5AC6E1D5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:11.118{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D6F4C00A8C1F61E64DB74C38B45C86A,SHA256=ADD98AD607ED54A8595D2E18CD2B31F319A90CFA28242FE4DAE6B4ABDB863CC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:12.120{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01D7E5120B214070F4C6C5689D8F635C,SHA256=96A3D46EF99205779EF49ACDADB8975ACE096437C849DD12582595D1444687BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:09.714{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52129-false10.0.1.12-8000- 23542300x800000000000000030944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:12.133{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF407EBCBA173B13C6D57CD6DE38B71B,SHA256=E4057780AE59894498B858983D84DD0750699A2EF7A3BC380934F7C8CD049A13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:13.229{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75C7A3DEC5C9B0325370EFDAFD97638B,SHA256=9326A23BA68ABDE713D3E4D1928855618029DD8E5744492166FFDF4852365631,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:13.133{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0BC6C2F03DEECCB1CA2FCB7E3CFED49,SHA256=8191715C438F8B8ECBAF2A1C0A9C052F04B492783B5A57080C0E991EF433B36D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:13.297{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50408-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:14.354{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4ECB22B5D7D910BFB3291F3CE15525E,SHA256=DBF7DAE306070EC087F26987BA39827289233B112A0FE374734976FEBC6C7DEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:14.133{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E37D6C7AC44BB2D48F9357B834265650,SHA256=A2AB246D9F2ADEA12266C53C1F8BB169FF602295BCDF208E9BCDA4225BC56D52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:15.541{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8C1BA21C91E9F9B09CE452722AA3948,SHA256=64892D4C47FBB7AD7761904485812B1E6A534CE80E15DAC4B489C233631CDBBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:15.133{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94E38FA69BE19E8EE2F98BC2E1068B91,SHA256=F98203FD7930A789BE6DA54E73311F3169714BD1EB25D2F8B27476F86D215C98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:16.776{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EF414A90510759E76E75E482A481ED6,SHA256=122C5C167ACF4868E499DCACF1E7063820FB9361033CA4490153BE21322876B4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:14.824{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52130-false10.0.1.12-8000- 23542300x800000000000000030949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:16.133{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1111E658FF27DF4B7A92D153449BFB39,SHA256=4E1D8D36D5049909E7398F0D427D137ABCEC99E1AAA62D0B128658F6BB6F161B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:17.791{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EF45E5CE4DEDF0FF83BB151DF6803D5,SHA256=729CB2B2E1503A546986268E41B251667D17FBD846ECA752DC080913102237E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:17.680{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E04695661B7AA73BE7A5FBA948E2F42,SHA256=4B873717236719D344766E88BFF1E7F68E9A9680E72D51BF06ADE93988FE3660,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:17.680{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E378A3583DD7056E11555E6559D43984,SHA256=206C0646AF8B359B4C3AFDAE490EAF79147A5000037297ED2F4DEBADDC2B53A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:17.133{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44642B625ED64D67323C35367146B099,SHA256=21608A98C95A5B713CE6EFC6E8F65B7182BD5B704D5B8E4F002CFBCF13C34D68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:18.963{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8849497632C6894D59A5F087CC61B8CB,SHA256=7E343996A1E295625F0248FF2DED40168EAA57CDC6EACDFDA93DC101A720CCFA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:16.261{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52131-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000030955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:16.261{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52131-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000030954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:18.149{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=930A1B26BD1F5A1F0B0D77E3C7A38949,SHA256=030D09CB3BBAAC75971939A8CCB316795615F6E5376235CED7C42AED6806B8FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:19.993{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD94A382AA754F67D50C059C8C0587B0,SHA256=C1F079473468138CF969CC4116B20E9CFFECD5A2EC3718F5F5D627E4AB963106,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:19.165{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2D8DCC426874E403A7A66B71EBA82D3,SHA256=120F6765D2334118A2A93A15D88F423271DBE0482C6C9EB6E2AD51A2729905EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:20.169{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4D418E9406878482A7023112D04A058,SHA256=4D32CD15251016D8A5FA335ABC8055DA24D9BE82E6A33D3B9E02A634CB393490,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:19.296{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50409-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:21.009{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE3F47CEB9DAECE5FA8A5030252E6068,SHA256=A12628CDDB34A8242DA4468C81F8DC6739988DF70C47C85329EC218075A09655,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:21.169{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47FD472A0D983D4E0E0EAD4908931625,SHA256=0E387D27515408E5D94F02CF5694207B1B1399EBF53F2FC1B5390D0128109B67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:22.259{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45B8C3CB0E712BC9C6F19078F149B9AB,SHA256=477B4F9E710C4B9FD431B595B22BEB82FB0CCB52D78A114907F0CF1A194C33D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:22.184{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37B0AEEF736FDD44B03ED91038A67623,SHA256=1660425F5BE528F8D65270DCCF25907A8F46B622F9C0379B8C1C5EC30302A1AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:23.477{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52AFF9A4D70A38044B7D7D0F2A91B928,SHA256=10048C1C3DFA67D732EA43295F6CA806FCD268E7679D4351897759AE005FB300,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:20.734{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52132-false10.0.1.12-8000- 23542300x800000000000000030961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:23.200{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B3EB354E7749B07EF6448FF5F870AF1,SHA256=27663BEFD782596B4104042EFE4FEC6C38F425DE906CE222B77183497BE53DE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:24.649{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2416FB7436589C2F247567DD56B932A,SHA256=8F5B7ADDDF84607961E00F03BD1C0E3701D7737DD532204FC7544911F93118F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:24.200{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F08D2A0AF4C7F0F4DA3FD9D3E0799B0B,SHA256=8D51AD67C15590E77DADA3F5FE3791C8E87CB95A02AA1843E64F790B5763B083,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:25.868{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8DFFE98A62FBBF712A5AE1F2D6AE151,SHA256=2BDB4A78F2C74833F76C334DA7EB4A2CFB246B59A8333460967E206B2672B75F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:25.216{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDD2421E73DBE607892020D9A5D6D451,SHA256=E59CC55DDB4F48DD958179157713EE5223894ACA878BFB1D5B9A0F44F69E6C67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:26.946{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0395EA6AF4C0D7699F4E1DF75744508,SHA256=3D52A8C3438EF16E63CBFD38E716B151D586AED30532DA6473EF6127880E5D1B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:25.155{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50410-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000030965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:26.231{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FACAD91565F8A158AE51663B99D95AAA,SHA256=9FA78542B1339966F4311FF3C9578C0B0EB28592D15CBB43FD55D8235C62F357,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:25.843{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52133-false10.0.1.12-8000- 23542300x800000000000000030966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:27.247{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C293B608A8540E1AEB8B800AA5B9D796,SHA256=99FBF57114AD0D0781C0AFEAFB9A371A30E596F3EBA8A320B335072BDFC6D451,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:28.247{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCBAC0BB80C9F859ACBF0400BA593B7F,SHA256=AEFAB8BC478862205317570CF7BBFE2224951861F0FD4E2F4DF910A9F9DA8019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:28.040{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31BD55CE03C32BC053E61BBE55408B68,SHA256=1497D8B18D95297DC620EC41B89199FF21C297DFF00C0BF509544F01C95E99CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:29.102{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCD1B305AA599F171B3281BFDFBD852F,SHA256=6980388255BF6425265B07EFC99CBECFAE66ED1241BE1D60976D9C228F1089F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:29.263{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FDE21D279F652F5D545E9788D164AD2,SHA256=E08E7652F70800EE60E54A88FEAE37DAF41D238544F61D3D4B23FB293F9E086E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:30.118{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8423FE5BE5F91F2B7A39411E2864F653,SHA256=FE8B9A0DDFBC3A6CDE9E5F7ADB2393B9AF8446FECB048722735AF6B328D5CB1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:30.263{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A86632071BC3B4CCD10085A61A9CC44,SHA256=98D3C907B0A4854C5323EEADEE13F08219D4553FBAE7564E37179FD78946FB73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:31.352{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=297D1642216CCB3B7988ABDBBFAB3977,SHA256=8341848FEAC7CCB1516DB9FA118934200144513708FF005CF20F16BBFD1F6C6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:31.263{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DB480CFA1EA6EF20C0E231827AD0771,SHA256=E69CF62CCF1DC1CA257BDC4A9C31EABC39F4A011B26D9DF745D5B612635C360B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:32.278{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D149DD3A32D666B286D7706F569C5B4D,SHA256=FD13EA87AB1A28649E5714AE5D25B3EC4A26DDED8014DEBCC7F27A9449E7D62B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015053Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.493{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=87520BD04FD5643BCC92C7DBEC772989,SHA256=8BC35B94634100C32695AE2BE7F87C4247E1453C638AF40A8D6FCF363093A275,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015052Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.383{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2494ACEFE25E2CCA284F7C5ECCFC666,SHA256=EEAD3BDAB7E9200C6720CA89B32D4728E92D3D81E112E607BE8041F42906CC65,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015051Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.274{49C67628-FDEC-615B-1600-00000000FC01}11961324C:\Windows\System32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015050Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015049Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015048Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.258{49C67628-FDEB-615B-0B00-00000000FC01}6323424C:\Windows\system32\lsass.exe{49C67628-FDEB-615B-0A00-00000000FC01}624C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a16d|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000015047Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpConnForceBroadcastFlagDWORD (0x00000000) 13241300x800000000000000015046Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\IsServerNapAwareDWORD (0x00000000) 13241300x800000000000000015045Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\AddressTypeDWORD (0x00000000) 13241300x800000000000000015044Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\LeaseTerminatesTimeDWORD (0x615c1a0c) 13241300x800000000000000015043Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\T2DWORD (0x615c184a) 13241300x800000000000000015042Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\T1DWORD (0x615c1304) 13241300x800000000000000015041Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\LeaseObtainedTimeDWORD (0x615c0bfc) 13241300x800000000000000015040Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\LeaseDWORD (0x00000e10) 13241300x800000000000000015039Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpServer10.0.1.1 13241300x800000000000000015038Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpSubnetMask255.255.255.0 13241300x800000000000000015037Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpIPAddress10.0.1.15 13241300x800000000000000015036Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:25:32.258{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49467c0e-47bd-42f4-85e4-c4c306fe5b65}\DhcpInterfaceOptionsBinary Data 23542300x800000000000000015057Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:33.430{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1186FD4FA2E839E54CCF4257028AF84,SHA256=DDB2BE143FA8DA377917C5B7F18170276EA311CCDB2D3C1D7E9A6025EC88CD31,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:31.781{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52134-false10.0.1.12-8000- 23542300x800000000000000030973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:33.294{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=175192EFC1FCBF544D0C15B2BFE07BE6,SHA256=945D091A7537D0F6DD7D20543EC3503B1C9C6ADC3E90116FF311AE8AA3062C94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015056Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:33.368{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B35266425B41B2960313513795953400,SHA256=310806A6560F4A011ABF414C5CD820918ECEF3453DD410BA79A8C9BB3108F48D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015055Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:33.368{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=2AB49BB83F21FD07CA59FB97F2AB3ACB,SHA256=749170E3A63D3FED057FD0071AA6E613AFB2D8A70C0F1A5D69FD80F5760C151F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015054Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:31.155{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50411-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:34.461{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D0BC80F100E8850B01339EB0D8D5BDD,SHA256=DAED1BCB5BAA300C297C048ABB37C4CE01C37CA6A905B31856DC579B7B8E371E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000030977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:32.625{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-676.attackrange.local51557-false10.0.0.2ip-10-0-0-2.eu-central-1.compute.internal53domain 354300x800000000000000030976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:32.625{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal60136- 23542300x800000000000000030975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:34.294{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A648BED0F86B5AB33B2BD8F993BAF9D1,SHA256=B19BCF84AC651A08478FC3EC2ECC63BCCC8C6CC1462240ADCD462E5E49592941,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000015061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:33.064{49C67628-FDEC-615B-1400-00000000FC01}884isatap.eu-central-1.compute.internal9003-C:\Windows\System32\svchost.exe 354300x800000000000000015060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.335{49C67628-FDEC-615B-1600-00000000FC01}1196C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:0:0:c8d0:3bab:81b5:ffff-58806-truee000:fc:0:0:0:0:0:0-5355llmnr 354300x800000000000000015059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.334{49C67628-FDEC-615B-1600-00000000FC01}1196C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruefe80:0:0:0:e9d9:c59a:6800:80d8win-host-340.eu-central-1.compute.internal58806-trueff02:0:0:0:0:0:1:3-5355llmnr 354300x800000000000000015058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:32.311{49C67628-FDEB-615B-1100-00000000FC01}964C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal68bootpcfalse10.0.1.1ip-10-0-1-1.eu-central-1.compute.internal67bootps 23542300x800000000000000015065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:35.588{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5BF70CCFE018A3FCBAEBFFEE8A2DF70,SHA256=6DBC50D1AFB025C17B7446CA6A73DF31B82B7A73B91E7D41B68D055F90D5840F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:35.309{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75A515D1246782207656D43A59B2F34C,SHA256=466D9D91B3C5BCA250376E25CFB023C36740F470AF9C8836F6C5877854D97935,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:33.063{49C67628-FDEC-615B-1600-00000000FC01}1196C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse10.0.1.15win-host-340.eu-central-1.compute.internal60136-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal53domain 354300x800000000000000015063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:33.061{49C67628-FDEC-615B-1600-00000000FC01}1196C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:0:0:c8d0:3bab:81b5:ffff-60136-truea00:10e:4e00:6100:7400:6900:7600:6500-53domain 23542300x800000000000000015066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:36.728{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE3DE5CF458575E5CF27CFB1C3F5BFB5,SHA256=9F9AF28AB69EB17A5386DD1147008B065B278CD3932139FCE4CBEE8EB94F7D23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:36.356{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E022FDED853AC4C2CD2629D9F467787,SHA256=AAB53D2BBD0865C80A4426BB8B76C2430DB298ADABEB5119FEF4C3B600779F9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:37.869{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F28F2041E168C4593A826C70FF3F132,SHA256=17FC4599B128885D5CD976D3385BD5D1557AF10B7B7D2C0DA0ED0964A711C7E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:37.356{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F035DB0FE47A3FFB89D535E279648AB,SHA256=C1AE9DF9E68C945EB2AE1EE3EF5601EC3E993F9746B5B1DEC4BFA416A4D749D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:38.884{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D250D78BAA5CB8435361473018D6E56F,SHA256=29FB46D82ABC2B926ACE32C75C1AA16C2910E2A3F6D776D1BE460602F164238E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000030981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:38.356{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE2013CC1AD3DF96B6AC42B6D1404626,SHA256=F76B3069B07AAF7FF61460D99756FD37239D23D71044C91185A710502F7A2006,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:36.296{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50412-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000030992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:37.671{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52135-false10.0.1.12-8000- 23542300x800000000000000030991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.666{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000030990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.603{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C03-615C-5906-00000000FB01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.603{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.603{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.603{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.603{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.603{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0C03-615C-5906-00000000FB01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.603{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C03-615C-5906-00000000FB01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.604{6EDEAD03-0C03-615C-5906-00000000FB01}4832C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.369{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BB51FB09DAB4ACD5B78CD2564A2949C,SHA256=D285D040DD204071ED5C39618013D6472A90EE1611ACBB6EE9B4AFE7FE544D2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.947{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C04-615C-5B06-00000000FB01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.947{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.947{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.947{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.947{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.947{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0C04-615C-5B06-00000000FB01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.947{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C04-615C-5B06-00000000FB01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.948{6EDEAD03-0C04-615C-5B06-00000000FB01}7112C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.635{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3FC90E2F8CF8DA4FBD959D578C60FDA3,SHA256=F006947914E4B85BE9ECAD2A99B2242F10397A16CA78367D94BDB4DD1EC06B4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.635{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E04695661B7AA73BE7A5FBA948E2F42,SHA256=4B873717236719D344766E88BFF1E7F68E9A9680E72D51BF06ADE93988FE3660,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.463{6EDEAD03-0C04-615C-5A06-00000000FB01}57362868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.369{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B07AC884E9710823FC5D308C9DB700B2,SHA256=EAB48DA8F8661DEECF63AC4C87F97BBD139188BC68D5D45927234BB76EE839B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:40.100{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11A199904295C893A775DF2892203E91,SHA256=49F14927DDFFC58F0435FE0E8E4AA1E9B751AC55EF51ACD84CDB937AE427199A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.275{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C04-615C-5A06-00000000FB01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.275{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.275{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.275{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.275{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.275{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0C04-615C-5A06-00000000FB01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.275{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C04-615C-5A06-00000000FB01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:40.276{6EDEAD03-0C04-615C-5A06-00000000FB01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:41.978{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3FC90E2F8CF8DA4FBD959D578C60FDA3,SHA256=F006947914E4B85BE9ECAD2A99B2242F10397A16CA78367D94BDB4DD1EC06B4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:41.385{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=978DBA5B0ABD022FD14AB1F09CB224D8,SHA256=1ECB72E3788A133A8216FC01175458AB801B3FF11F2537882ABF40F6A8694F2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:41.256{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06056057B221E517425E0F19C798B9A4,SHA256=0B56C386EC66AF90B8879BA2170BF5F1A994E09419623373F5EEB3162B4CCBD7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:39.247{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52136-false10.0.1.12-8089- 10341000x800000000000000031033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.916{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C06-615C-5D06-00000000FB01}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.916{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.916{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.916{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.916{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.916{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0C06-615C-5D06-00000000FB01}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.916{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C06-615C-5D06-00000000FB01}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.919{6EDEAD03-0C06-615C-5D06-00000000FB01}6368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.635{6EDEAD03-0C06-615C-5C06-00000000FB01}38686416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.416{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C06-615C-5C06-00000000FB01}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.416{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.416{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.416{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.416{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.416{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0C06-615C-5C06-00000000FB01}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.416{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C06-615C-5C06-00000000FB01}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.417{6EDEAD03-0C06-615C-5C06-00000000FB01}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.385{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCC2781C08FA479F3B5D9EF1BFF0EB0D,SHA256=1778D3A0041003174EC9E8147E1F59DEC49967A4D4342C16E4FE9E7EE15D365E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:42.428{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E1FC3F3DBFF72F56850E40D3C279D12,SHA256=F5055CA9080C032428328F60CB77FCE5C3C0EF51A88C77E9325F5DA557847542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:43.568{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC6A3A665246A2669E7F4B68720082DC,SHA256=A86E7938841DF6942EFA9F1534A6D335E10C31BD44D4002535C587494874B4D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.588{6EDEAD03-0C07-615C-5E06-00000000FB01}65082144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.431{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C05475315B5243485E01880D60C1A2E6,SHA256=0AA3D26638AFEEBF70721966F7A427C5911C423E3C98ACE646F1B799FC346489,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.416{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C07-615C-5E06-00000000FB01}6508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.416{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.416{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.416{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.416{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.416{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0C07-615C-5E06-00000000FB01}6508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.416{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C07-615C-5E06-00000000FB01}6508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.417{6EDEAD03-0C07-615C-5E06-00000000FB01}6508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.400{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1DF577928AE1D777E1D35B8870CA2CF,SHA256=99FE69F7DB668E20861FC632F9106E789BC7B818038CC918A722264E4229ED8F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:43.135{6EDEAD03-0C06-615C-5D06-00000000FB01}63686792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000015073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:42.295{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50413-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000015102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C08-615C-7D02-00000000FC01}1092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0C08-615C-7D02-00000000FC01}1092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.834{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C08-615C-7D02-00000000FC01}1092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.835{49C67628-0C08-615C-7D02-00000000FC01}1092C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.709{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECE845BC8EE4CC0F24CF34AF672321D3,SHA256=63F18400A4868B59CE0D9BF85C6AEB32B73797F871DCF8D67D474FEBBF646723,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.734{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-065MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.402{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B87E7F30DD6A56A129D80492AF43A203,SHA256=AE5184D6514AE08C164984A9C921C92C735899DB73901F5D7EA90B654471BDE5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.381{49C67628-0C08-615C-7C02-00000000FC01}3984500C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C08-615C-7C02-00000000FC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C08-615C-7C02-00000000FC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.209{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C08-615C-7C02-00000000FC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:44.210{49C67628-0C08-615C-7C02-00000000FC01}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.088{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C08-615C-5F06-00000000FB01}7000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.088{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.088{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.088{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.088{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.088{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0C08-615C-5F06-00000000FB01}7000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.088{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C08-615C-5F06-00000000FB01}7000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:44.088{6EDEAD03-0C08-615C-5F06-00000000FB01}7000C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:45.746{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-066MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:45.416{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28738F71A73F5CC99D5899247CD3A808,SHA256=D3FBB4FB2948476BE7B1EB7BA063B90C3C8ABBBE6517D9276EA1840DC23F4980,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C09-615C-7E02-00000000FC01}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0C09-615C-7E02-00000000FC01}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.459{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C09-615C-7E02-00000000FC01}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.460{49C67628-0C09-615C-7E02-00000000FC01}1036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.256{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B11253545BF273E802100FD42AF0B52,SHA256=D97B3C6C5E91DFAB998D69FE81049F68A4C0EB3FD2B3A7FFF529B7901E7AA256,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:45.256{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A51DCE1848B642DA51AFAD91652949D,SHA256=B627361057230D91440634E034B9E3AB977DB7BF340F62460E91A30B0E31C214,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:42.825{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52137-false10.0.1.12-8000- 23542300x800000000000000031056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:45.135{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=623280819D81A8ED1FD8B451C5CAB00D,SHA256=8A15AFBD478C8E8F5FA4B7852E102422E29783B18C0383E594AF309920D1E139,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:46.418{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2235EB3CE7868F4223A2105C507A978,SHA256=46A09AB186EBEF0A130B8A784ED53BBD9998228055E74D1A9144BB16AD846396,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015133Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.537{49C67628-0C0A-615C-7F02-00000000FC01}8361980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015132Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.474{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B11253545BF273E802100FD42AF0B52,SHA256=D97B3C6C5E91DFAB998D69FE81049F68A4C0EB3FD2B3A7FFF529B7901E7AA256,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015131Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C0A-615C-7F02-00000000FC01}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015130Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015129Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015128Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C0A-615C-7F02-00000000FC01}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C0A-615C-7F02-00000000FC01}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.381{49C67628-0C0A-615C-7F02-00000000FC01}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:46.068{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DD31039EAA2C63B97921B0059582535,SHA256=D9011F541FCBB847F13049B65D81C87FCCF824F1E2CA084F227B2BFA796613C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015135Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:47.912{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015134Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:47.287{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D28A4F18A69692F26948C79671E46D6,SHA256=6940C05E53E39FEC6AA0C804C79CD1E0ACB1B87CAC9E2115B940EE854D56145B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:47.465{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F30EDDFD33B9DA83FC3C1DC88CE97E43,SHA256=BD5433CF85008D74D13460DF8F081A0224E8D4564D38C47DC68CB413F1B44579,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:48.543{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9879935BB7137BD82D69791E4CD80D4C,SHA256=A9F5F4E1982ABE0184915C5C99F9D8CB6227A29C8B17DF31B738A670BD9037FC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015163Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C0C-615C-8102-00000000FC01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015162Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015161Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015160Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015159Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015158Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015157Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015156Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015155Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015154Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015153Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C0C-615C-8102-00000000FC01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015152Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.943{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C0C-615C-8102-00000000FC01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015151Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.944{49C67628-0C0C-615C-8102-00000000FC01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015150Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.506{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83E17E21F760FB2D923B13E68D2B48E1,SHA256=7BFA1F1DE7C49609A2B603A13B51AF912470251EB24FC8E655E8C9587646BB63,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015149Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.474{49C67628-0C0C-615C-8002-00000000FC01}9203784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015148Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C0C-615C-8002-00000000FC01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015147Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015146Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015145Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015144Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015143Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015142Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015141Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015140Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015139Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015138Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C0C-615C-8002-00000000FC01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015137Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.271{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C0C-615C-8002-00000000FC01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015136Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.272{49C67628-0C0C-615C-8002-00000000FC01}920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:49.699{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=866CEF01476835DB9E72B8E1B1F77E39,SHA256=88262A8A1598CF976C573C98DE0A44212AB0CB942484D79D98EE269A542FD97D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015181Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:48.230{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50415-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000015180Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:47.949{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50414-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000015179Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.755{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14F7201F3D062DACF061A62A88835F9A,SHA256=288F4E6F498FEFC85D9A52548AD22397E9DA48E1AC55C74CF0794B73FDB2DFAC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015178Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C0D-615C-8202-00000000FC01}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015177Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015176Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015175Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015174Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015173Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015172Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015171Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015170Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015169Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015168Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0C0D-615C-8202-00000000FC01}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015167Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C0D-615C-8202-00000000FC01}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015166Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.615{49C67628-0C0D-615C-8202-00000000FC01}2420C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015165Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.365{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=484CF440467771FF6DF75C3B0B8D4002,SHA256=FBCDC7ED2880C8E9CEACABB14D4C185BBA9F41E95D3F58965F178F482B8DABDC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015164Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:49.084{49C67628-0C0C-615C-8102-00000000FC01}38322432C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015183Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:50.849{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCD49F1C0DC686243EF99AF55AC2354B,SHA256=EDBB3E5D4D01EE5EE5E775B884289F6C4F3F47E6459B55C15A08BCCAC0A79B9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:50.715{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C4358C739B1F8DBC639A6D9D6760926,SHA256=9670575CD66DC3F936C193E9613AFB498B6E92B9C481F0B8D52713A35678D71C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:50.699{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=3A7CB81833AD189F5DAC7993D613A565,SHA256=ED3C93E6ACDBFCECF9A0DEC1DCB0D509BBC3EB8179266CB059BA139BF3C77C17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015182Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:50.677{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2B902EE698565CEC9CDC3135D956AE87,SHA256=BC6EF98F8155EBB9F8A8D789882042B2415278FA0F7D0D1CFEF5D2FAC21217C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:51.902{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF0C357E8D677812C370F34C97D33CEA,SHA256=31511A549530ACA3F85EC484A99F03FCAD7175EC39CBD59C92C88AD87371BD13,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:48.780{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52138-false10.0.1.12-8000- 23542300x800000000000000015184Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:52.083{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E8E524E68E11DE2FBA1070E617FE422,SHA256=12B0AD7882B8080AF64D245905DB3A79953D32EC8CCA946F272FE7134A8C6C69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015185Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:53.318{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40060BAF302A6259A098DCDA9AED6ED3,SHA256=D8F0897D04279E3660A7BDA504962A771754C859B06260F1CD809C50B537E680,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:53.012{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D11BF8C20EA5790361978752BC64F4C,SHA256=51D7DDB6417719F13C51365FB8C28E48C5B84CF15555C314DD7869962EF6C69A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015186Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:54.443{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0523CE118E04FE833B94B6A9ED8B4130,SHA256=D96EAEDD21E46A6FB72557DEE6B232A063A4CCE1502216C0C38248C2AB8C4669,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:54.230{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A1334AC350001A5D3EBFAC506BA1900,SHA256=2444631A54CA9473B6B48B0AA3AA1E57FFBEB063D810CDA24EA63CE3E104B16F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015187Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:55.677{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18A686C00EAF9585749B251A5C7AA954,SHA256=F53A54D8369F94FB7B0974691E52BB380E19A3FB81E3B305DA66D5BE67E425A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:55.309{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6590D06853A5B1B207D03E349187B0C1,SHA256=EB1396F0782CC669CC3BB5B398B6D40FC6AC4323B522B045A792DB5E08F9B5F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015189Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:56.911{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5C5E8F70CFDAA1EF651D2ACE596A25E,SHA256=5595354A5BDD1B45FC9D693F3355096203A3AD10195290F03215F0F55E8684EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:56.340{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1ECF2B43D13E5000518F84E6271AE644,SHA256=13AC0614AFB3F6713DE02D357539D8D616711F53AEDF4B486B28FCD4C0CD6FD2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015188Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:54.230{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50416-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:57.496{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AD7343D32A399D472934795481EDBF9,SHA256=5BCFBAE719C59B46CC9A5165C0AA3246779C13798495EC3ECF6A4A7AB4A6401C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:54.717{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52139-false10.0.1.12-8000- 23542300x800000000000000031074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:58.512{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F26A055AEB0685578C9284DD6F1927D2,SHA256=9A1A4CE1B46F9436E6D68EEBC60167B787AD07632D6617898E80DE30DA774792,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015190Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:58.099{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DB6995EA0207EB86192424D0C71328D,SHA256=F4C1806DCD2F772770D38B449515D896AAE9DE41E7B0E74C8CF07F17302E3D33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:59.529{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90A046E412DC314248DC72D2217DBFC0,SHA256=3D184866FF375D7F2ED49A6AB3DBD33E3E8F798197D76C72DC40AC9764ED708A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015191Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:25:59.322{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5668BFCE1D0FD7FAF488B8659E4E83BB,SHA256=91849C2F537B5040EA6E36FAEE157CD43F894E01AF0A69A58B87E22D87E28059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015192Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:00.384{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2267327D502A3A3174F9C5DA40A1822,SHA256=4059F25D071EB874AD09372C1A6D5BCB97189E7324D6D06B34B4DCC4C8457137,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:00.544{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAAB1B3C833282AE203B30940B158958,SHA256=7467FB4BE3A6D3F5FBF4EFDE838B5C4A1E68C7D82BC8864D45E3E492F0ED31E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015193Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:01.400{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1B5426BAE48B4CAD261C935C8293C09,SHA256=752E08E94A969DA849FE387DB4D0A7F6DE81766AD5302FFCF09EBCE6FA60B41D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:01.544{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBF1F5AD6032729588AC424DC8DA5563,SHA256=FFBA4280141E79F73D49045859DD34B0B3CFE5B20460979B56A91A82917F3965,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015195Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:02.525{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BEE8ECD9342D310601F2445FE28B264,SHA256=33BB2C2AC227BFFC827E90DEEB2740CDB53747C46902666984C0641C56E7E94E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:02.544{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DF6CAB2ABA707B99CD432266B96C66D,SHA256=088C77EEFF197541741300E142B617CD6BD46EE749C87F0FF9AF92549B757E6E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015194Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:00.250{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50417-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000031078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:25:59.719{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52140-false10.0.1.12-8000- 23542300x800000000000000015197Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:03.538{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A09DECFE1B8E797E8EEF34F3212537E,SHA256=7320135FE103DD2135AFD84C73062771143588A7426510287DAC66B7546EE8A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:03.544{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67EA335EE8AA29F88146AE9A8F3F9F20,SHA256=F4381DFB592F9E18775101AAF0AA51ADF9EAB71F743C4FCFC8A291D0AE0DE19F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015196Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:03.418{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-058MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015199Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:04.552{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27AA3C9DBD0D966B19770A7FD7393E50,SHA256=78A702A5A7602F2C254D849696116C0A70F4A07A6DC0A1F3C32FC3721F5B917D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:04.544{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85E8650566E38F3C281F5ACC46CD753B,SHA256=36A1705ACEA1A7701CC0B7DA3200288711BD5A5C31C10FBA9AD2C8B4124BA2D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015198Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:04.430{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-059MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015200Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:05.553{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C857399BD980D672B3A2BEF2F260D3B,SHA256=21BB917AD72243C778181A48560E30646921CC178A2F7D03AF5C37FAB0A15305,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:05.545{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35BB772A6389FC154E0930751D8FBD6F,SHA256=B0C9C79117F593704A4B02F6AABDA1647C9E3CE590038BAADB80C80B4C97A34B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015201Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:06.553{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA9A36766E75C2967EC49B7A36C64E16,SHA256=AEAF6557D312372B7106590A29755E6A415589C1C2E466726891959C4EB51642,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:06.560{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70068769D84859823B3B055877BBF5B8,SHA256=4D8DB6E75EB4697E64DC239375D740F2518CB600EB9F3A9EA62F701B8F63AA7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015202Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:07.569{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9504B485D3DBE7635CD6BB8DDE798E95,SHA256=672B41B9917BB97214A549145DF26B0592CC1DC7B108A5238F88FC97A537A2A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:07.560{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D1DF999F42D366CB2C7646BA2A9EB58,SHA256=3F99F7A1D8DA0B0D5815BDD422CF6F97FFCB6539FDC731E889CF8063A6B2FCCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015204Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:08.584{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3480CBFFBEA7F3EB61E4B57D72F859D8,SHA256=11E9F41C58230AC582DB414971EBF551145A7224F6467DB9ADE5418ADFF80090,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:05.656{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52141-false10.0.1.12-8000- 23542300x800000000000000031085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:08.576{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BC191910EF308BC999B260A0BD70452,SHA256=D89856101BD56CFACAF61AB3E836D44F3F53886AB417FA9D478E39984C8E7E7E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015203Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:06.309{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50418-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015205Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:09.600{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8527BB4D289D78851D8B0CCF91826F8,SHA256=637B3F59EA06B319C9C7E1D565BA7DF18FADCCA413B511DBCDB6AD3A5B8CB20B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:09.591{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADD887F3FBCFC809AC4840DAABAFAEC3,SHA256=55D21DDA1329B4FD5619C0AF5FE01CE5707915478AE8C6CB99B2D0C9B764A949,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015206Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:10.616{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=792C1429A912C8EE5BBC9AC7A697351B,SHA256=E5099686F0114B49D54ABA0D777F24224F849F30BB7CD7C84AA8CFB8BE007944,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:10.638{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D21543F6AC29A4EB9809790ED7D2E42,SHA256=2C8C2C80AD786DFB525EC0C04D24F00D6C19D28396C67116629B0F09006818D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015207Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:11.647{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13AA6817BEA21401E0BEDE48D7FCB279,SHA256=4BEAECB4AD99CB7D6C33B146148081B7C90A9ADD3DB359F9CEB4E534A3135271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:11.794{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=264AE0C2B2C2EE9529ED4EBA574AC0C2,SHA256=2B94465F8A071E60DCAF989C6CC19FBC6FE1D7618EDA8E35F7D4D32C74BBA8BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015208Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:12.662{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09E3FF9E23EB5A7BC898AC4B73C5B800,SHA256=04B35B6566F4B21B14A32C99F5D17F8CF8B976E87947D19782F77C3A56F6F71B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:12.841{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D96523E4AC19D325A53AEA3C23DEF02,SHA256=9C27D2DE18E98C1426B572496216DBF8FACB44984B5A2471BC7FC2D7FB36A7B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015209Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:13.897{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C491432E531B6DFC093ACDD1275CEC0,SHA256=05A151E6387514A5D1F2772752188B257DA593482CA6E8BC39BEEEC9C1D3DE2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:13.951{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13944B94553EC6EBA3498B24107E6D8A,SHA256=928D75AB1EE8DA80CD0492FC1EFAF44B7867A85CC866019474F1A9A1BEA27B84,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:10.828{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52142-false10.0.1.12-8000- 23542300x800000000000000015211Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:14.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C41D13922D11083F8A26F05ACB697828,SHA256=57C048B73D46B7B37897A9EFA5453C4F6C3559F9185280BC46DD76CAC02BCA9F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015210Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:12.121{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50419-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:14.998{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEF2D27657D90EEF51721692925286F9,SHA256=12F45B283721D405FB373E5628F3DA1061C236B4A0223ABAC4120D2548D8C998,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015212Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:16.037{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13F5ADD64EF82AAD19CE5ED2167BCC63,SHA256=6B6C363711D1C07986630EBEE5AB3D1DC62820AC1C46E94EB9B0D35F6812D67C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:16.013{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DED635ABF8CFFD8954F95F2927C4308,SHA256=1F96089926FCD4CF0757E94401F914C9355FB3F52A8EA4816A06790355FBC850,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015213Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:17.147{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3FE68D959E38640B8CA603C34D2D8EE,SHA256=F675E8EFD9C45129F7199256A46001A346F2CE7302CB5FB28CF40E96BE5D308B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:17.670{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF1CBE4CAA509DEFD300CDC262D36407,SHA256=FDE16167E079EF2A5E5068AACFC24A2C3496A0040444EC0D08022776BEA52A1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:17.670{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8896D436B45C32933BB2822720E0CE0F,SHA256=8B36B2C940D5333B8A1C0D65697184F5606BFE65E572C34914AE99822159800D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:17.029{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E28810C5BABC59F91EA9EF53AD6DDFEA,SHA256=88C54AA049A21ECFFBDBC67E20E01F573E7777D6CA4B81F43251AA8C0356E5EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015215Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:17.215{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50420-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015214Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:18.178{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD333612FA87EF2EC31D96CC6C2BC675,SHA256=1977E249657314F93784EA4F93E7BEF5EC7809974A5804E5ECA6A8268A8FE835,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:16.766{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52144-false10.0.1.12-8000- 354300x800000000000000031100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:16.266{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52143-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000031099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:16.266{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52143-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000031098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:18.029{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=536D3480CB71F2FE9DFF65B1C931A6CB,SHA256=FA1F268A2410CFC03235B615AB7BFA2C78430EC0A60D93F220E647E231B6CF58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015216Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:19.339{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9757E764E1B8268D5B3F7CCFC6CBA96A,SHA256=8B90E4890813315EF6FC12FADEC968E44294E041D7A4A4045DB1102D7DB812D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:19.044{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B4EAF10B5855EEE54DC44F29784D24F,SHA256=FF241EF13516B4176C9A5A37698B87788DAB315CF60AD3CD02BED3094BC8BEB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015217Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:20.480{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0BA453A08A762198B953D40FF73A060,SHA256=09573D94024B5FB8B91B5F2F0A23A3A72A9AC7BFC084DD817190ED787924A785,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:20.046{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9C462DA69D8D2F052964A33BE42D4FB,SHA256=5D37B687BE85FF4957835B4979E931243849850DBC179033A507EDE2595B2F03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015218Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:21.651{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EE17E8223A0B380BD9F49E692A7CA7C,SHA256=BAD0A9CD6C85432804F017B2D12D015072D1112C0840B9FD9541A985030C2227,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:21.093{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9972EE6190CD9163352BACDB3421C281,SHA256=0C0286D48B635C66E111F38296FE972C2E9B00B112B4CCBD1C81FB590F0A5361,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015219Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:22.761{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A9A3EDB88019C2A690AFFE3FC63239E,SHA256=841671EEF8B3410260E5A7D81547A55119F2B76B02F494F63292C7AF21C0220E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:22.124{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48E13A07FC36015FAF81B1E55D15994D,SHA256=D8314425ADFB65F026151FDF04BD3F47DB66640AA6CB6CBB7B0F43F8F2E8CA69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015220Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:23.901{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5465ECC36C3E3C132A6772F913C6913E,SHA256=CE6D6372947FBA9D9BB3C0D4D53E899E5DA500D7F45B2511389B642D9CEBA9FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:23.124{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4042B5D2A0A6C0A2C5989D2C6DB069B,SHA256=1C4A97E47798434FC688B7549AA90C1FF64914561B1AA89797F1A7235C61E98E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015221Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:24.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=489EFA1910A0C3B3C95738E07BA91B3B,SHA256=7397CA2FBBF3C71A7A364D2FFC46E7F0DECFEBA131F224FECE2D11078D284760,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:24.140{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CCCCADDBE1C318BF7C1A271C9F477D1,SHA256=CEE8066E43DDC6776289AAE214580B77AC3C8EBA810BDB2C3AE3D3B66F6EAB01,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015222Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:23.126{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50421-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000031109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:22.720{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52145-false10.0.1.12-8000- 23542300x800000000000000031108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:25.171{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=959218B1165328D4E50F41CA3060F17F,SHA256=9DD330E23D87721E4B6BF85A26BEF5ADEAA2A044400A1812706A8D7AA7FC97D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015223Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:26.214{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5708E25F2FACF50196344B216F1F2B1E,SHA256=15521F16ED54555AB20C3628E07A99D21FFF812D77D95F6E3A95FF0563BDCB47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:26.186{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F04FC6E0F5F9B20016451E0F5CEE369B,SHA256=EA343AC7F5C389EFA174268DC2501A519F47C5DDAD449E43FF3C3851C7C75C1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015224Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:27.370{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96AE5279ECEA988690AC3E4079F5FF79,SHA256=738BC5D73101DBC246C68703AF37AD978EE93C3B5192F9009E735EB1AB39AF03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:27.202{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9F94DD22A20D1081D6638FD064A843D,SHA256=9A3CA584C4282CF52C871351D5AB47ACDE9C1D54D8175D39E98E5DDCEE5B0C5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015225Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:28.386{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97351D69D30782E695CC5D1E6D4938D8,SHA256=343A1BF156486614C354F58B1EA8D2D9D597BAADBAED7DDE65677D2FBBAFD276,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:28.202{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8C79B72B967FCF90AEFE4C19409B60F,SHA256=41F17BE15F5E61BA2A02ADBD7BCE0213F8EB5D59F7944F0EFEDB1BCA0EB3C44B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015226Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:29.589{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24389FA41B9CD9B76E7AC6837DC02315,SHA256=520D505113FD1C07E2E4F1EF640136527C377ABDE135000DB822D50E62BC03C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:29.218{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F352E64F64DCC9C25D87AAB29C8B3518,SHA256=AE84D3ABDB6E70BE1F3095B1B75E5A70B40CA81A7C7B828F7B5240BA549BB599,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015228Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:30.745{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0559E0BF2D875E8BE754902DD7F5454B,SHA256=2AD73DD02ACB002A2D86FE33FC62DD3FC8A8D1558F2EE00309E695EEA0D8F563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:30.218{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F292967966E98250FF5735BF2A714F60,SHA256=1FBB8598EB0DB4B6D2B199490ABA06B7C52F777423FB11D8851B7E3A94DCF23B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015227Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:28.267{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50422-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015229Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:31.932{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B42B10DA648580562A1D08074694E5E9,SHA256=967B05072585B2DA513703BC3FFF4062E3EB651707A2CADAB652FC682C8B2F9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:31.233{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A54DCEBB7CB57C58347BA049CA2AB66C,SHA256=4232FFDD9E24D28F899D62BB375BEF342D88B7642981D715993EDD57708CFAF4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:28.736{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52146-false10.0.1.12-8000- 23542300x800000000000000015234Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:32.932{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3F8E40417782C3F7081988BE5BAFCBA,SHA256=69BC82C48A121D8A8F6C874D0D5F68FD621DE56FB1C5238E34A95CE45E53344B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:32.249{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3F6C2C89879C036CE016606408968B3,SHA256=EAC62A0E9C229EAC95F53227B0C97D0C7529A8E894D67473477A5892387AFC40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015233Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:32.495{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=521580CB786949928890C2A728F6EC26,SHA256=6512ADE15DC0C3118021B50EF35A7664236D93E34CA70AEB3A3AA3AF2D18E24A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015232Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:32.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015231Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:32.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015230Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:32.276{49C67628-FDEB-615B-0B00-00000000FC01}6323424C:\Windows\system32\lsass.exe{49C67628-FDEB-615B-0A00-00000000FC01}624C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a16d|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015237Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:33.948{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D86890496DA2BF2EEE5FD95EF4A1DB82,SHA256=FE6ACFE51838F151D1830BD38DC590CF13A419EAEBCE75C44CC03004D80FEAF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:33.265{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8789C05F421D8EA39EC9F55D44388BF7,SHA256=25ACBDAB7D615C628E2926E2BE06A5F1A31F5B55E9C60E67671AF40B1BB40DA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015236Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:33.292{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=C3078ED3B411E72C8B82127A78EF2B60,SHA256=9D6B72B64FC832B95A8F4846BB472A14CF7A37DB432D7FBA0C7A7A0891B03A0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015235Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:33.292{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B35266425B41B2960313513795953400,SHA256=310806A6560F4A011ABF414C5CD820918ECEF3453DD410BA79A8C9BB3108F48D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015239Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:34.963{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77C683FB586239D89F3DC5FC45F35E01,SHA256=E3D319645E0FBA6419937D0EA8A7D65E4981878D4E3FEE56A4A326E7964189F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:34.280{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65065CA95C5C20935BEA63E58E852C1A,SHA256=62B349B1BA8DA7AA875D65B87D14C6CA5E9D99E44925482AC438397703914E33,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:31.904{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal58123- 354300x800000000000000031120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:31.904{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal58796- 354300x800000000000000031119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:31.902{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal55558- 354300x800000000000000015238Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:32.345{49C67628-FDEC-615B-1600-00000000FC01}1196C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50423-false209.197.3.8vip0x008.map2.ssl.hwcdn.net80http 23542300x800000000000000015240Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:35.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D3F59DCB1894EE0ED0CA56D68D633A2,SHA256=57BE86A56FA20560B97407030AF7ADB10A11A385D8D66F42DC20EA458028715F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:33.658{6EDEAD03-FC2A-615B-2E00-00000000FB01}1160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52274- 23542300x800000000000000031123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:35.280{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CC7294166D628FCBC6383761441754F,SHA256=022773FBE2E412B7AD109E0E73862294314808576748253492DC2EBD6D50A1BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015242Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:36.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=064CBC891629820AFDBB57D3F6A3C3A2,SHA256=B4B0377FBD9D689BA099D2FCD350A2F6710E6BCF4A85891E2C1300F36D086972,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:36.327{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3117E1457042D290721D10B55BF17C1A,SHA256=184AFBF33407E12C605FE25402C0E7043F108A8E3000C61E51C9FF2F1E98816D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015241Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:34.266{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50424-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015243Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:37.994{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=267F6EA3E78B0989C35612954D88EBF9,SHA256=7951B85F2C58E9B77EB8F40F43F25D992DE67EA30643B9E89429587A33808F29,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:34.689{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52147-false10.0.1.12-8000- 23542300x800000000000000031126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:37.327{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=280462D23EEC9485AF69D13ACFC906F6,SHA256=5EAA05776C26A071667B1E4788EE6D3B56A0176F7CC52129BA8010F625BAE7E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:38.390{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF7DEEC418A59A72D6AECB5B02EFFDC4,SHA256=0A4FDDE639F3BD1FD2BBB10C8E7FB531E54D065DE4D9AA55E31916FFFA0F1B99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.686{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.483{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C3F-615C-6006-00000000FB01}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.483{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.483{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.483{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.483{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.483{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0C3F-615C-6006-00000000FB01}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.483{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C3F-615C-6006-00000000FB01}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.484{6EDEAD03-0C3F-615C-6006-00000000FB01}6268C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.421{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=908A095E27D6B3D25AEE28FF65922187,SHA256=9C4577150EDB9AC14D35AB9822FC63CD53C72ADF63CEDA87F9AF2E877E4C40D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015244Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:39.057{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A480D1B704DCEC3D3A305E258FE631DB,SHA256=3ECF23BBC64A6D52D843EABDD53EBA497B8CBB1E17C7D4420F30EA21CB7F6F4D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.827{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C40-615C-6206-00000000FB01}5148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.827{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.827{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.827{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.827{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.827{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0C40-615C-6206-00000000FB01}5148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.827{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C40-615C-6206-00000000FB01}5148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.828{6EDEAD03-0C40-615C-6206-00000000FB01}5148C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.483{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01E6301F37BAF0F886FF104351460591,SHA256=C726442E1CB9BEAD7ACC7F84B47B32AD2D0D3F812F8117CDEF5E2E49C4E9923E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.483{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF1CBE4CAA509DEFD300CDC262D36407,SHA256=FDE16167E079EF2A5E5068AACFC24A2C3496A0040444EC0D08022776BEA52A1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.436{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E7EE4095933E9067CB3B9B92E5FB267,SHA256=377B04F2AD7CBF42B8AF1AD652486D24309EFFD8EB61E55868DB5E0A3C6A0433,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015245Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:40.183{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=560B7E14CAA2F145BA0CFA18782C6416,SHA256=AB17CB519F2CC724A2484D0C08CC9445632633323EE5A30FA06942EA2A2D0579,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.327{6EDEAD03-0C40-615C-6106-00000000FB01}34164664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.155{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C40-615C-6106-00000000FB01}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.155{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.155{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.155{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.155{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.155{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0C40-615C-6106-00000000FB01}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.155{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C40-615C-6106-00000000FB01}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:40.156{6EDEAD03-0C40-615C-6106-00000000FB01}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:41.843{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01E6301F37BAF0F886FF104351460591,SHA256=C726442E1CB9BEAD7ACC7F84B47B32AD2D0D3F812F8117CDEF5E2E49C4E9923E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.845{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52149-false10.0.1.12-8000- 354300x800000000000000031160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:39.269{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52148-false10.0.1.12-8089- 23542300x800000000000000031159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:41.468{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=585BD58B329655F8849DD76E2DA966CD,SHA256=5E4F326E6A3E16C65EB25BB7FA8D8DA47056B62EFE671D39FD3E4527742534F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015247Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:41.339{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E957533FD24CF0F5B443DCACB59577A,SHA256=D39D50A476B068ADEC416F08CED1A8C0701275F778AB3B2070DF53B3706833CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015246Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:40.173{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50425-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015248Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:42.479{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=257A8D828FC730AEF01DE968506DE35D,SHA256=EA1AF556B3297ECAE5ACA6204AF2689FA584CFAFCDA0BFADF2EEB09C948DA702,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.936{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C42-615C-6406-00000000FB01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.936{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.936{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.936{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.936{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0C42-615C-6406-00000000FB01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.936{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.936{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C42-615C-6406-00000000FB01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.937{6EDEAD03-0C42-615C-6406-00000000FB01}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.608{6EDEAD03-0C42-615C-6306-00000000FB01}49006000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.483{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71A8D90DC34B938E2FAA0A533C6788AF,SHA256=5CC8B4AD31FE268A99144A80FCAA3F41DE3E5756F2B57D073B2D5055E7547FC0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.436{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C42-615C-6306-00000000FB01}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.436{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.436{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.436{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.436{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.436{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0C42-615C-6306-00000000FB01}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.436{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C42-615C-6306-00000000FB01}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:42.437{6EDEAD03-0C42-615C-6306-00000000FB01}4900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015249Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:43.479{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B46AE4C2EFA904961D557E6A94FC6CE4,SHA256=71BE794971162B24A3AD8C1BC706F9C38657F8DAAF61444F330FA8F0050085BA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.765{6EDEAD03-0C43-615C-6506-00000000FB01}50366100C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.608{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C43-615C-6506-00000000FB01}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.608{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.608{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.608{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.608{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.608{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0C43-615C-6506-00000000FB01}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.608{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C43-615C-6506-00000000FB01}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.609{6EDEAD03-0C43-615C-6506-00000000FB01}5036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.483{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2ACD2EB90DC06FDA6D666BC6653E21DD,SHA256=6F87FE76BC887D4145C5EFE18AFB24BE21F77AC7BA632714AA5700315B5055E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.436{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=38CFE9E9E290D248ED8C0F88E4FB0D3F,SHA256=701CE3962ED5BF0ED964C309912150A0C5E3326A9CCF3319BE9009E1BB0C7003,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:43.093{6EDEAD03-0C42-615C-6406-00000000FB01}29524768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015277Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C44-615C-8402-00000000FC01}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015276Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015275Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015274Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015273Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015272Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015271Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015270Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015269Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015268Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015267Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0C44-615C-8402-00000000FC01}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015266Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.885{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C44-615C-8402-00000000FC01}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015265Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.887{49C67628-0C44-615C-8402-00000000FC01}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015264Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.729{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83E99E6FB47C52B546EFF3693CC43CBC,SHA256=B968ECF597A6835A38A265FF538A4EDF79B53D16BE8AB46D1FBA59B2B4E33606,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.640{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F860089B31639AF8EC6679267940DF86,SHA256=3C285C14AC67F05582E4B810C059AA75C9AB4BD78F81F5EC64413B1B28B932AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.499{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86D747E85BA14A53884177E79CFCD5D0,SHA256=A06E82E2A29EEFA987D16E6FD772553428C9263393E6BBB89C0FD63309430EFC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015263Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.370{49C67628-0C44-615C-8302-00000000FC01}36762612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015262Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C44-615C-8302-00000000FC01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015261Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015260Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015259Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015258Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015257Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015256Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015255Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015254Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015253Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015252Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C44-615C-8302-00000000FC01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015251Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.229{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C44-615C-8302-00000000FC01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015250Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:44.230{49C67628-0C44-615C-8302-00000000FC01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.280{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C44-615C-6606-00000000FB01}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.280{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.280{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.280{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.280{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.280{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0C44-615C-6606-00000000FB01}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.280{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C44-615C-6606-00000000FB01}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:44.281{6EDEAD03-0C44-615C-6606-00000000FB01}5656C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:45.499{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D9729DE9A099F95CF8398BA96038BCE,SHA256=00524EB87A6BAB4611B575B19C167E9D95B3514F8347130E4872308699807643,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015292Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C45-615C-8502-00000000FC01}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015291Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015290Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015289Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015288Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015287Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015286Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015285Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015284Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015283Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015282Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0C45-615C-8502-00000000FC01}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015281Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.510{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C45-615C-8502-00000000FC01}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015280Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.511{49C67628-0C45-615C-8502-00000000FC01}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015279Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.245{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A5A90C50705C2114BFC303635A50FBE1,SHA256=7BB8AD71D20E7981F950746850A80055BBD1415016E5A166FC38493BB5B951EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015278Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.245{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=945346F76106C67656183E3E37CE5501,SHA256=D081BFEE083DB087FB4FAC5059B1B54A174C4EA7481F38DD84C3A3A4E54B7EEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:46.500{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB4845A760F92447C5A5A246D02A8BDB,SHA256=1BFF612E92A813F2B7559FD9F2BE4958C3E651FC5954809A33A4085B43C83720,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015308Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.542{49C67628-0C46-615C-8602-00000000FC01}27202896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015307Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.510{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A5A90C50705C2114BFC303635A50FBE1,SHA256=7BB8AD71D20E7981F950746850A80055BBD1415016E5A166FC38493BB5B951EC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015306Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C46-615C-8602-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015305Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015304Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015303Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015302Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015301Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015300Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015299Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015298Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015297Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015296Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C46-615C-8602-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015295Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C46-615C-8602-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015294Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.386{49C67628-0C46-615C-8602-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015293Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:46.135{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4A9580C4B00EFA397477A8855F016F0,SHA256=05E8AD14AA048F0AFED169594CBB1BD4A959DFBD57405104694093EFD8EC4FB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:46.268{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-066MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000031218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000031217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003f3b51) 13241300x800000000000000031216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9ba-0x5ae83fd7) 13241300x800000000000000031215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9c2-0xbcaca7d7) 13241300x800000000000000031214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9cb-0x1e710fd7) 13241300x800000000000000031213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x800000000000000031212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003f3b51) 13241300x800000000000000031211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9ba-0x5ae83fd7) 13241300x800000000000000031210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9c2-0xbcaca7d7) 13241300x800000000000000031209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:26:47.638{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9cb-0x1e710fd7) 23542300x800000000000000031208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:47.560{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B36502236A766D359898D39C8E029AD0,SHA256=3C899A1F7CC792478BDA2B94409F4359148C1CC9BF58D393F5589FC4B94A23E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015311Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:47.948{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015310Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:45.251{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50426-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015309Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:47.182{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBC2C7BF8635D074B1C355B78C2DD8C0,SHA256=3AFE75C7F6153952EF226FB34CF23B7975F6D5E5283E7E477FEEA8F414295B2B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:45.737{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52150-false10.0.1.12-8000- 23542300x800000000000000031206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:47.282{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-067MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:48.578{6EDEAD03-FC1B-615B-0B00-00000000FB01}636804C:\Windows\system32\lsass.exe{6EDEAD03-FC18-615B-0100-00000000FB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000031219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:48.563{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60C447465A1A81E9E1F775013834A98F,SHA256=D80BA3CE4DBC9237AEC28495C5529337DCF1F1E1CC3292086765F5622D5A735F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015339Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C48-615C-8802-00000000FC01}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015338Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015337Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015336Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015335Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015332Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015331Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015330Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015329Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C48-615C-8802-00000000FC01}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015328Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C48-615C-8802-00000000FC01}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015327Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.948{49C67628-0C48-615C-8802-00000000FC01}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.448{49C67628-0C48-615C-8702-00000000FC01}31962012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.323{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43A19C2E3E652D00C93494942BEE0373,SHA256=48A40B5E4DD12D0D9554459730C1FA265BA5C397E3B985B03A1B28E25B4A716F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C48-615C-8702-00000000FC01}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015314Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0C48-615C-8702-00000000FC01}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015313Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.276{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C48-615C-8702-00000000FC01}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015312Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:48.277{49C67628-0C48-615C-8702-00000000FC01}3196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:49.703{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46995760D13B385720E9961E4A0917D0,SHA256=3B5D880D7D23A7E81E51CDA41369A668FEF7D7BD66D9CF819DF500D64E7D8AE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:49.703{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EFCA6CB8DFBF530B5D8756A278BCCA61,SHA256=3F49DFFB66AABEE69A248634A439296FEC9001CE5A407DC4EE2C455F08DAC20D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:49.563{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDABC1E6A5A36241CCAC5A0E0A0CCD6F,SHA256=89CC793E78EE6C624869771F1539111CBBF8B608C201E715163183CAE49D5351,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C49-615C-8902-00000000FC01}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015347Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015346Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0C49-615C-8902-00000000FC01}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015345Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C49-615C-8902-00000000FC01}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015344Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.620{49C67628-0C49-615C-8902-00000000FC01}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000015343Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:47.970{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50427-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000015342Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.385{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=138DFFE1363D628329399B108E01FEAF,SHA256=F9774508EB1E27483A03AB724815D6EC927B760054706D91DC10EA0D6D977FF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015341Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.323{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E780087EA645F24040B75C8D56EC6B7,SHA256=7BDF53F695AEF15104AD535D85AD98B8AE8770AC3310D3F29A5509EC53CDC0CC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015340Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:49.104{49C67628-0C48-615C-8802-00000000FC01}35283328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015358Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:50.698{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8700CEF0B601C413C31382385FF499F1,SHA256=B0E945DDBEF4D3006101A496C606C4425C9E6D90C0870A1A81BC289F8A18A2A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:50.557{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C45DA84C9FCB0DCB42C0C7AB9412920,SHA256=421054EAABF961599BDB3A2AEE9D95462428C178F5C14ECBDA4F24291451416B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:50.703{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=DAFFD4EDD53B1617C6C6455F67087C36,SHA256=DC5F3D5459D149B3A12C3100BB2FC3607CDA5024B1B83CEDFE5A00AAFEE16A82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:50.578{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=067ACD8F4FC68CDC8B5CF77185AC7EFA,SHA256=34FFCA6D3DE827EA2F043DB16DB5ABF666BDC4C49BDC1C8FB03DFB3A4FB0ADD1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:48.076{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local52152-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x800000000000000031226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:48.076{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52152-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x800000000000000031225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:48.068{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52151-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000031224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:48.068{6EDEAD03-FC1D-615B-1600-00000000FB01}1288C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52151-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 23542300x800000000000000031265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.688{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D934EAFF8A3DCFE3A8B3455B37CFCF6B,SHA256=023D371D7A25D4C6A87909570F754FD0A5EBCC304C77BB0CD770575F620EE948,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015359Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:51.573{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D19384A5916125F87E567832F5C94879,SHA256=24500F729B97C324AE358F14C690BE97185A245E47ED7D7A38D4E17DA12858FD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:48.178{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52153-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x800000000000000031263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:48.178{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52153-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 10341000x800000000000000031262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.360{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015361Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:52.791{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C3F660CB7DBF07933A6FB473FD85A05,SHA256=5F92F939946CC348E01B9537D8722D233872E9338D42EBEC15EADEB4395EDF54,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015360Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:50.298{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50428-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:52.922{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A8A25AE4ABE1A9DEA25A65E8239A156,SHA256=1E5D2F77D0E0FBEA7A78AD3C2C6C37F30408AE8C04D6CA67352575806972603D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015362Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:53.854{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DE3E69E8BF4D8EAF33E2B03FD8E5ECB,SHA256=2AF13FF6DB371B20B9204C82906CAC996EBAE63243FABA14686418621831D82D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:53.922{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45419A551EC82D5412306107C8BE5DD9,SHA256=E94B7FC7B1FE9473F7CA6A4077762489BE477FC002A6C53CDC0C30D2B27EDDF7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:51.612{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52154-false10.0.1.12-8000- 23542300x800000000000000015363Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:54.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EA113887B9BC27E1C9598F344ECB0DF,SHA256=5139BFD8DC1110146940C6D9833519C97124DCA4BB20F51A45AC82FB3B2DA65E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:54.938{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FA07893B56BAEEEDF94E0F117A1E8D9,SHA256=39FEDF9BE47FAA1688F2608CA19CBB9DCFFCFCD4D7AFC87A642C532F2E99FBB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:55.938{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3FC81836D307A9BA06A199069C72C2E,SHA256=9FFD42339D91A0DB7790F45697CF7FCD2BF3AC577695E67BFB3FC35ECA1AE425,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:56.954{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFDB44B3D68EB6FA7319B60A9FCC7759,SHA256=FCB9E8C0AC6A32DA33EFF86672C996587C9F6EEBA7A23AEC7CF44878B580336E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015364Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:56.151{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B5F2D81A2D4884E98B067A7CC2EB6E7,SHA256=E1A185E0E71271072BF8FBE23FAFBE698207BA65C5B70BE3F84F5A1B8C5E3496,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:57.969{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CE7C8C7F7E9098450B0737F6A37C3BC,SHA256=C696472DFA2877ABE0782C1BEE96D2640AB06269DD681BA0B5C5FB019C4219B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015365Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:57.182{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C660A08B5907604272E3C4E88A5D01E,SHA256=DA3ABACEFCE938F239A0BD45EBC6803A05E199CCA6FF20A370F784A6BC6C1EBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:58.985{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A9D382D0F4DA3D9AB52FBE406F1C9FC,SHA256=40C65447F7AEBDC42E01F6FB3BEDA1BB44FADB87BDD9E9EC9D76B5117A14880B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015367Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:58.276{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AFDD2260AD07EF3C036FE684E7B21D6,SHA256=41B16C87818E3A08E8C774F9F3245F06C9A22C718789A4C4D17D837FA197C0AD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:26:56.784{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52155-false10.0.1.12-8000- 354300x800000000000000015366Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:56.282{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50429-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015368Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:26:59.290{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C1778FC3E27FE703CF14CF14262009B,SHA256=52178C0C864437C93D2A30FB921A3FA6CF8C92CA169D4BD37B418E7784112020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015369Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:00.306{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E7E6FC44C5CDA9AC805D8E89CF8F788,SHA256=2D6E8139C609A7AA6894B7A959565BB755618DF83B24964FE35AA0C1B1461978,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:00.951{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=455F21FFCB86566A40730DC5DA99A78B,SHA256=C64B04E7D15ABCC4B3C3527973BE9CBF1E706C8200B872CDDB26E19B2DF50CA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:00.951{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46995760D13B385720E9961E4A0917D0,SHA256=3B5D880D7D23A7E81E51CDA41369A668FEF7D7BD66D9CF819DF500D64E7D8AE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:00.013{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E735B3863895FC2DE4E1E25FB297A45C,SHA256=7C1AB1434E00705D0BD955920DB80FC32FCBEFA8DCBB453C45A3BFF9EB6D05E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:01.322{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EFAFA72B74D795B452C6BC05E2EBA0D,SHA256=FA9A26B4DAABFCB057727B13A49084EDD8ED55A2BA3D1705F7D0A394AC5D0556,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:01.013{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=013FFD7522BFF037F1F901A9CB1DB76D,SHA256=C3C36CDD9C206763BDBD3045CCB5467B5941262672895E6E7A345AD536DE5AAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:02.337{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78771D50D6D8FC4D977900AB80460590,SHA256=9605D2CF832306530A944BB6BAB842BFCE74B62F57F092D7F23D734112976C47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:02.044{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC0CD84CA57CF0A93E6AB069A1A62DCC,SHA256=89996F7F52CC6D0294434E779AE251847639390BD036A02AB54ADCE326029FEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:03.353{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B47EB3A892D6F1418C2047DD2D78E50,SHA256=34D12B998BBC24495C7EC717FA2B1C608A8CD28FFDDC7A84ED536318A7BA8C07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:03.060{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E6467C7189099594A3EA6898B39D0A5,SHA256=95E2585E163142DD9113409CAAE4DACA7B1AE96CAB63EFA9353FA8E82E1749DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:04.950{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-059MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:04.384{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AF3130F34FCB39C6E5E5E7F1574CC32,SHA256=92F7F55EAD6094CB90E95A58D7838B47E0C57F29E413F6BB128A76F3B050DB99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:04.216{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8EF13E72D29071DEAC2C99EF9127418,SHA256=A32B7F0D9235402B05CBC8B442B6E34256E03E9FDE0607CA47F33858644C03A4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:02.188{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50430-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:05.964{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-060MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:05.619{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=593731424720A04C3336D6A28DA5A816,SHA256=6405DE8170EE9CCE1DEF7CD4C1FE680D1413AF0E07DD2248A8649F9E6518EF7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:05.232{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC5E862966896265D17E608B7A6A6282,SHA256=E73BBDE6BC37312A323CC95263F5B9E36C25B93E98C2AFEF6AFFE6E8727AB5FD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:02.687{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52156-false10.0.1.12-8000- 23542300x800000000000000015378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:06.791{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1220D208646BBC73AC661AB801F4B0FA,SHA256=7D3AC05B14F39306C42783F78E38509309929DAD3149BA095FA530073E68AC63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:06.357{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=057FFAF7E1E05D9B8603BC0501DF8A14,SHA256=3232D65FD7EFED7BA6C9874C0B5A136CAA3210E7287764E53F862B4A146941C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:07.807{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E1C4FC349EADA266B9D39E463B1CF95,SHA256=FF283C0497914159E15479FEB6131DA1D88FB49E919B9D1F964DE955A5E028CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:07.404{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACDCEF37750C555439F3A5D336F40420,SHA256=D39E1D642F333A238765777F8CE50B4851388D08F33C293F5692EE6D5F7E17F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:08.979{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBB1B6E69814825AD72AA046C93A864D,SHA256=5575F21F0E4076B0CFDBF60D57F2B88E45D60392C797B7F977A3A2B186EB3E2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:08.419{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AADB016EF13D48312C449F42C66EDC7A,SHA256=1AD09B4FEC94CA99295E2EC00FB1EC1023E9A1B1884781CBACEB187B883E4B5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:09.435{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=878C37C6D68A0F6BF188FC7A0A655041,SHA256=11C5106451C8BFAB5ABF4DF589AFE8BC1DB0FF310C2F4EF3D2793B46C4AD6BA5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:07.204{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50431-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:10.451{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=326C1ED863B8297812B843F09325EBE5,SHA256=80397BAF1B49B711A28814FE7AC3F1D787CC6D8E2A2B412F6750961FFEC5AEF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:10.197{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF4903C6113C381D46ADE8A1BA76DE36,SHA256=E9553E02D31C9BAF89ABEE7B985106D19CABCE7CCF09A394FA77716E05F8E916,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:07.796{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52157-false10.0.1.12-8000- 23542300x800000000000000031290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:11.466{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2157101BA114C0EAE9295DDFDF4D87CD,SHA256=201F10D23B6A3C2D7B47365277CA7425AECC49E9625BE668B8A3DEC1EB962F37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:11.432{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=683D9A5742F8C99A3C138F8E23E32FA6,SHA256=85B21B7BEF90DF1BE3D446E8A143D8D6762CC61119A7F9117DDC89C28C025304,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:12.463{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02CB3798F629099DC7A412219D6F5D0C,SHA256=ED5C05621E6FAEE73C8F6F4DD18C7E8BADBBFE9B8F44210D29B56FA70AF43A7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:12.513{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D91E250927547DB8144EC4124640F2B3,SHA256=E158D1ADE8E06BEB06A1F2404DE94AE3963B45F23906EAB23462D7FDF754CF17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:13.619{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF221EE1819DC20C197D1F193703956E,SHA256=89571C8C54FB9DC4F6181D54D39CA06CA2EA74654AD720B1858E66CE9C8C721E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:13.513{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34F3EE60B3AB03DB0E6332F102C289F2,SHA256=2394F4F41D0F3B780796F424A22775ED7A2D0FC9FBBCB05CCB0FAD99A534FFA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:14.760{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=040D0415AB57C061B4EFA21FB3DCB0EA,SHA256=F4DF3A0F38BFA53877C74A13BCF3001E562F6C780E99D5F25BE80DE86A3F478E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:14.544{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F35ECAA8066DD2CC8860D0EC07A4DBB3,SHA256=5B8D021999E9223EA4584F96EA1E2D92BABD0905A00020AA5A1CC9001FB8EF4F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:13.235{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50432-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:15.806{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8F3D206D9EEFF7D9CB27CB01D55F264,SHA256=767E17ECA110AF2D806383949F28DAD4E96E62EEA4A45131FB567D0B5E28385D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:15.560{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8C366110E9EE561B9D652E01DFDF14F,SHA256=A1FF0CA42A95969143E80100BEBF9E668BA6F3A7F4B14436F6026B8EC68CD576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:16.947{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C6B1E144D96BC85AF36E3A23BD9A5D4,SHA256=B1BBB4966ABD2C30C26253587563B21C7F9B349396C496D58C1453C2F0041549,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:16.560{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87EE30369A763F018391A5BD5DAE71D9,SHA256=ABD19A7FD6D19CD0A96EF26E91031E244E00CC1660CB03163F142D5251F4B9F5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:13.687{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52158-false10.0.1.12-8000- 23542300x800000000000000015390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:17.963{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD6E09B0C62CEE3DDE4223A8BDF401EF,SHA256=F80B3E8F29961C7F28D94942565CF3CAB20B7F780BE2A6682358A7A50904E93D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:17.716{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1B839DB0A5C71056929B0CFAEEC33B8,SHA256=2D1AA18BCCDAF7DE447E59929F579E27B732925D136BDC6DD24D3F18F79B934A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:17.716{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=455F21FFCB86566A40730DC5DA99A78B,SHA256=C64B04E7D15ABCC4B3C3527973BE9CBF1E706C8200B872CDDB26E19B2DF50CA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:17.560{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87EDD4422708B3517D418A35D23AFB38,SHA256=062B940C1360678F08FE167EA8C1B9A7737FEA90DA4FE4D62ECBD67A128A3847,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:18.978{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DB1187DD707872A51015F55416D5500,SHA256=FFA98E350A9BFA03C967AF6AD6D726608C91B14E30491615AC9FCF7BFE229C1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:18.576{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4056536E7F1F56FC8C361EB2C30003DD,SHA256=9E3CC7B42DF9E87E2FFE59C0F5D9E9279160322B9C9F1C6F1349557611B12A8F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:16.281{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52159-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000031300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:16.281{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52159-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x800000000000000015392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:19.991{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89CE6E46E5B03559F516847DE5C2CBF1,SHA256=18CC5FCF78E111CFAB2AD51811E6240FB575CE315541E01E959505D5401AA9F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:19.620{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD70D48A9E84D335CC1FF47F7C768104,SHA256=A47BB09F97E0E928FEDBA3393896EF12279E8C4ED680A9078DE0B3D7AEB2B253,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:20.636{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB529362B3C833C5DD9BF9CB355EE341,SHA256=BBD17EE92B64C974F14479CF2CB474A59BC75A68D9233B456647A06A979F70F2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:19.297{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50433-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:21.651{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6B31951A3E8CA2A10D78592219C470D,SHA256=8B6F52A15E36E618121EF4EEBFE50B330A00F2F080E666CDBDA0C06A1F972EB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:21.007{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFEF44B1CBB6B468093CBB3CD543CD51,SHA256=42360620F1CC67E316C7627BFFD93BC29B5015B338E5B70CE7A508713A593465,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:18.749{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52160-false10.0.1.12-8000- 23542300x800000000000000031307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:22.651{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21E91AE82A89345D8F4CD4079A43D102,SHA256=360BE1BD14FB667C39B5E66DFED7E0F4D720FD77D45FF47F056619181F7EC975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:22.241{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71C3AA65336BF7851055A474CD8E30BE,SHA256=217AA23D505A8537B54FE569529522919076673DDFAEC60198B230DE2AF286DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:23.667{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E88D315F182310E688B9F597B25B33BB,SHA256=004003284D85BC686B8A03EE4AC2A71281E14CA445F5CA550678265DCF3578B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:23.366{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C8B156C3327786FC3EF5CCFA8AC0453,SHA256=CEFFCB73214C54F547E302819F4147FCCD8CF6EAB3D1B42B82584722B1465BBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:24.683{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0064E03A73B6BDD41B7147D8C6AA4FEC,SHA256=6CCFF324CC119ED45BDB4B4915C3F91917C42F88C96B0033EEC97FEAC5D73EA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:24.506{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B33DB1198AD8F498F599F878A14FB59,SHA256=A03EF2CB21C1AAFAA03AE89CC546DF6476AB08921698809C7CDE99B5536DA20A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:25.714{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F50573C9B3A39BEA5C2069CCD6185086,SHA256=F97AB3661D4240D17D3B14E447E635C3E39F9702048007E86FB0BEC4823C7416,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:25.647{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB6249090CE45297EB5F5EB9EA864E2B,SHA256=36B2996A2060ED9C5BC476A62A5CE34A738418D88B93791236A1F423BECA2FEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:26.745{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3D620E8F4FC88358853974AF41E2BDF,SHA256=39D98388A7AA606242FBBAF0785F2FA6FC30F68589FF033830F3757F2BAAA200,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:26.663{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4BE4C54B6458C105FB33CB2F4274DC9,SHA256=EB880A72974C204E33DC3171DE22D5D9D7C259AA3C4922E4480859B7FFCF5016,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:24.685{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52161-false10.0.1.12-8000- 23542300x800000000000000031313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:27.745{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B3BA77AFC91382304BC2BD0B853EFC3,SHA256=0BE1B1CD24F15A21AEEDAFFE1FE5C2B25E92ACF4BEF2AEC28A1128C32EBD6615,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015401Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:27.897{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77EF70B7ECC4CFFD30896344A32831BC,SHA256=A0A6C6EC6A6262B97596C9BC957A1DFCA621F839DC59ECA8B2BD7E5FB915CDAE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015400Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:25.294{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50434-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015402Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:28.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11020217408FD2CE66E64F15D4AF6AD8,SHA256=5CF7EBEB5D45EA1E73298CE9D8625C6C3E466FFB01238140EA71812BE6A6E47C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:28.745{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EB0337A87C97552DCCF4FDF19C0D9A5,SHA256=9F2EB7DED9D95705D846E00FC3599845D9C44F3BF948164AC937420A6D40191C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:29.761{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9AD1056E5D494AAFDFA258249C32FDE,SHA256=243AFCB92FF1A75309164055518C8480733C9FAED530C7914B404CA2A0931A12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:30.761{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAB3567F66B26F4299F6B940A333BD48,SHA256=E0C6C570B5D6E02EF161032B4BC60E519A2ECFB529F24CE33BC9D3C172EDE292,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:30.209{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A9E5740F6D31BD3500413F9BC5F4E30,SHA256=6690616ADF6C8F93DB0997ED7FA90B5A314D2C27ADF114644FE8BA0568261051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:31.792{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75456E7AEDC1CC6E4E28585EAE8B57FD,SHA256=3DB92DE4777D50F0D2753FF70231BE520BDC606FD840ECF23EF861382FD4E383,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:31.350{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18B70DD728F37DD554056E6660ADB795,SHA256=A1F9A7DBA5A412D0F5BE732B1F11C5D5B1E495E7539F8EC98E9B3749104A19D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:29.716{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52162-false10.0.1.12-8000- 23542300x800000000000000031319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:32.792{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26C480EA6E0C713A1734CF69C88992DD,SHA256=ED078F9583407356777D194FDA4C72290220E8125A30CE2D47329F49E8B90D5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:32.506{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=D7EE5EB9EA7B46B0D2C669D9A9EF8F75,SHA256=0484289A571914D4EE16FC4C566FE4C5CDD108FC948C12350CD2C937D860148E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:32.491{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98D43A138751C74221BBE65B64479F4E,SHA256=505EF636D2187FA8192A2F79054F93C2697761B91B4C218F32860425D5A690D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:33.792{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C129D1AA1369AB0E26F2210CB5D60CF,SHA256=A509A485F2554CD2954146E0A75ABB3392D06955F0976E3343147FE11026FB81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:33.709{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D008839223C58595584322348EC7F70,SHA256=07D2DB671200D1D750010AA6EE6BF25B565A47C813AB881E65B4E5FB3A1DF6C8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:31.185{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50435-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:34.886{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=320291B33C99CC77F14D582E3E6BB39A,SHA256=89EA960323B69C8D38EB9D8CB7BAF11EB848B08459B0ED3E0EEE8CD1F846A4DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:34.756{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F8AFCD5CE3CAE01B996A7E8ADC80992,SHA256=82FF876486BDDEE3E4818B9FCD111EAFCAD18FCB1698F43F94BAFBE6FE05EFC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:34.678{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:34.678{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:34.678{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-1300-00000000FC01}684C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:35.901{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDF39BBC566BBB2DA3A626C7A020EB8F,SHA256=4AEA8DDBF2CB492E86BBC1F49E8D9FB07DCC8D73CBC2ADF3BF1993B407F8B84B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:35.772{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2809A94EC98479B71F048BFEE762321,SHA256=84E2C301885597E9B5F2C2289B71F18C661EEC5D888E76E1DA7C5E68E4AD15CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:36.933{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E990A16386D9E9F5E8A7403B3A773AB,SHA256=508BDDD8514DCC8881E85F5D6A74B707B166166AB5FAC8AEB65B6F29E78A13BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:36.787{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=810FF3AEE5639A3F95A9C03BE62DAB53,SHA256=1F97364EAF679886046BA825DF76D22E0DC49DBF4D54ECD1C12B946852C222AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:37.803{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCEE38DC4F97F6739B720A10E6E2EA62,SHA256=FFB833DA1FF2DEB6B69EEE58D75537BBF951673DAD515648FFB61ADCD48BC2A7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:35.700{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52163-false10.0.1.12-8000- 354300x800000000000000015415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:36.247{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50436-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:38.818{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B85C2A01D89EDF364D40D16CAB3A867,SHA256=76CA917543423E0DCDA89548E8F932205C9E159BF10F4BEA8D51EF08837DED95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:38.167{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0ED6B3F60DF33E06E98793302FADB60,SHA256=2FA43404FD4BEC9B57DA608FD8670CEF94276A20EFD50412BC8F8B8C9DBE0517,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.992{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.992{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.992{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.992{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.992{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0C7B-615C-6806-00000000FB01}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.992{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C7B-615C-6806-00000000FB01}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.993{6EDEAD03-0C7B-615C-6806-00000000FB01}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.710{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.492{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C7B-615C-6706-00000000FB01}2412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.492{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.492{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.492{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.492{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.492{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0C7B-615C-6706-00000000FB01}2412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.492{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C7B-615C-6706-00000000FB01}2412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.492{6EDEAD03-0C7B-615C-6706-00000000FB01}2412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.183{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C63E7DF4A2AD01817734344202CC8858,SHA256=1FFA1A5BF60CF8859A3775947A6EDDE1AA68241576EEF0775FD03A58BC3A7D28,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.648{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C7C-615C-6906-00000000FB01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.648{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.648{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.648{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.648{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.648{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0C7C-615C-6906-00000000FB01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.648{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C7C-615C-6906-00000000FB01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.649{6EDEAD03-0C7C-615C-6906-00000000FB01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.507{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F6EA294A73507ED13625C2A200B38A2,SHA256=C42BAC76E599B7028B5F8886B8275E783E090D559CCCA3D1BAEBFC50C52A5F2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.507{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1B839DB0A5C71056929B0CFAEEC33B8,SHA256=2D1AA18BCCDAF7DE447E59929F579E27B732925D136BDC6DD24D3F18F79B934A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.210{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AEE0ECC25388780EFB2AF1F392093A6C,SHA256=DD893DE5D6900F91D81CF49394746CFEC5375C58DCAC1D30DE4DD0CDE5FF0A41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:40.066{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC59FD03636D14C4D2F1715899CD3240,SHA256=4ED4072456DA7EBEB745EC851557D58531D42357E6351FCAF87929EF77FD7141,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.148{6EDEAD03-0C7B-615C-6806-00000000FB01}49485712C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.992{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C7B-615C-6806-00000000FB01}4948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:41.648{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F6EA294A73507ED13625C2A200B38A2,SHA256=C42BAC76E599B7028B5F8886B8275E783E090D559CCCA3D1BAEBFC50C52A5F2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:41.382{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B9BBADAAF5D112BFC43B5D400A91BBE,SHA256=16C29D3A4D3203793A7E41542368C98F9B1B61DBD58F1F0B458D8FC95591580A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:41.097{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0861D7DE21D31CF25DD4C65FB3CC2146,SHA256=F0087B4EC5068A55E53D772F8395AF84D3456B763E1C910B518AD2CB86621018,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000015431Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000015430Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0038fc61) 13241300x800000000000000015429Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9ba-0x7ba0f094) 13241300x800000000000000015428Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9c2-0xdd655894) 13241300x800000000000000015427Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9cb-0x3f29c094) 13241300x800000000000000015426Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000015425Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x0038fc61) 13241300x800000000000000015424Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7b9ba-0x7ba0f094) 13241300x800000000000000015423Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7b9c2-0xdd655894) 13241300x800000000000000015422Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-05 08:27:42.862{49C67628-FDEB-615B-0B00-00000000FC01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7b9cb-0x3f29c094) 354300x800000000000000015421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:41.306{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50437-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:42.300{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F7EFAB9131BD3029B9BBBE440C88E83,SHA256=F495A9987B566106E28F8A6A5D27662F09DFEAD50F3FD4EACEF456144FF8F9E1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.945{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C7E-615C-6B06-00000000FB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.945{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.945{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.945{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.945{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.945{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0C7E-615C-6B06-00000000FB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.945{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C7E-615C-6B06-00000000FB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.946{6EDEAD03-0C7E-615C-6B06-00000000FB01}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.585{6EDEAD03-0C7E-615C-6A06-00000000FB01}29565024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.414{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C7E-615C-6A06-00000000FB01}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.414{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.414{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.414{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.414{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.414{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0C7E-615C-6A06-00000000FB01}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.414{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C7E-615C-6A06-00000000FB01}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.414{6EDEAD03-0C7E-615C-6A06-00000000FB01}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:42.382{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A10A4D98DE91E38005B1E4E9F8B399C0,SHA256=45DF4DFB0138E6D1B0CA4002BF14112F5C337FE433F9AA0F221F77031E0A0556,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:39.292{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52164-false10.0.1.12-8089- 23542300x800000000000000015432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:43.519{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAF018494C46E5F5CEBE5CFDA347D13C,SHA256=A61EAC1C98A2FBF91499E1EBF970EC40DCE2FFE26BDA4B919DFB84B14C6CB471,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.695{6EDEAD03-0C7F-615C-6C06-00000000FB01}11807080C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.554{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C7F-615C-6C06-00000000FB01}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.554{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.554{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.554{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.554{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.554{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0C7F-615C-6C06-00000000FB01}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.554{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C7F-615C-6C06-00000000FB01}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.556{6EDEAD03-0C7F-615C-6C06-00000000FB01}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.460{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B4888FD03FB9604E8EF2A5DF86D53EE,SHA256=4E6111C94AAAA903272928CF39C37B7D8267B2A35F44B3E0A0586DAB5401E7A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.429{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C3FBE046DF3B60D1C65C184E048586D0,SHA256=BC9BB00BC7B353EDF42E84296CB576D2C1A0CF8B83EFEB9AFC48C4BD8B7D9FF8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:43.148{6EDEAD03-0C7E-615C-6B06-00000000FB01}57084904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000031377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:40.806{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52165-false10.0.1.12-8000- 10341000x800000000000000015460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C80-615C-8B02-00000000FC01}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C80-615C-8B02-00000000FC01}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C80-615C-8B02-00000000FC01}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.925{49C67628-0C80-615C-8B02-00000000FC01}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.753{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EFA1BC72A55C1F8D03D16E44A67C5C2,SHA256=A2A1106EF71D6F8424122A6041A2F6AFA106C67AB2FB97F1D28D61510C149C88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.570{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=242E71C08589C6752CA0A8A38BCB3828,SHA256=7CAFC45F4AEA487FEA8760CB74EFF06ABE933BB173112C4F57D382117FF6975C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.523{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1809C0BE52D5A986F5C2A9ED6CAA78F8,SHA256=24D951854408EBFECF8A462C45FC648B50DE24EE2FB58DDAF35109D72617E2AC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.394{49C67628-0C80-615C-8A02-00000000FC01}13683832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C80-615C-8A02-00000000FC01}1368C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0C80-615C-8A02-00000000FC01}1368C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.253{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C80-615C-8A02-00000000FC01}1368C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:44.254{49C67628-0C80-615C-8A02-00000000FC01}1368C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.226{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0C80-615C-6D06-00000000FB01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.226{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.226{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.226{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.226{6EDEAD03-FC1D-615B-0C00-00000000FB01}8484668C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.226{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0C80-615C-6D06-00000000FB01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.226{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0C80-615C-6D06-00000000FB01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:44.227{6EDEAD03-0C80-615C-6D06-00000000FB01}1452C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.987{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA756B14FE74B7354D8CBE8A91F9AE1C,SHA256=DD4A568A5BC526271595E0EFCA81F25349D54ADD4B646039A9B81900CA3425FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:45.539{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93BB4146C831BD4ABEDCC9C59FD39BA9,SHA256=E37B04843E72A6552D444CB8A5F5234D6807DEE1D61ED6F525617DABB185B9B4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C81-615C-8C02-00000000FC01}2552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0C81-615C-8C02-00000000FC01}2552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C81-615C-8C02-00000000FC01}2552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.597{49C67628-0C81-615C-8C02-00000000FC01}2552C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.347{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F27292E19683EFB063DEDB219162DF7,SHA256=A05C555502BC7D1E25403B007DD19E7DAB60ABD397874AF61A86F5A7E6D826AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:45.347{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=77F0C7A91721A783751BFEDBE1F929FB,SHA256=F2651624CCCF2CD0744CF768F50C2AC95D61CD489AD163556540ECA93182D329,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:46.539{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF0841F765B8F29C148DCE65454C63BC,SHA256=865E247BEF7EDC5094AB64FA5EA602F3F47F0E0307D14D25C615F247DD0A0A52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.643{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F27292E19683EFB063DEDB219162DF7,SHA256=A05C555502BC7D1E25403B007DD19E7DAB60ABD397874AF61A86F5A7E6D826AB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.581{49C67628-0C82-615C-8D02-00000000FC01}5083492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C82-615C-8D02-00000000FC01}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0C82-615C-8D02-00000000FC01}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C82-615C-8D02-00000000FC01}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:46.394{49C67628-0C82-615C-8D02-00000000FC01}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:47.972{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:47.034{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CE1710F9FAB258213220CB5DDE86738,SHA256=94E4C00592F387EDCEA977F978541AFD8840443A99BF7E6B77B90596014EF23E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:47.809{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-067MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:47.541{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE3CEDC930162C2D25C443132F0C6367,SHA256=256C028C60CFB0BF791F34A714E253961887E13BC2BF9378A159E346DA2C11DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:48.823{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-068MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:48.556{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85C1877B375753599B439C92C2C7087D,SHA256=8AF9E26A0A26D5B5CECCE1D716555CC743EB7D6DEF7893BEA539D2AFBB4F21C4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.925{49C67628-0C84-615C-8F02-00000000FC01}35161076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000015522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:47.087{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50438-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000015521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C84-615C-8F02-00000000FC01}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015519Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015518Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015517Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015516Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015515Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015514Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015513Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015512Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015511Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0C84-615C-8F02-00000000FC01}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015510Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.784{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C84-615C-8F02-00000000FC01}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.785{49C67628-0C84-615C-8F02-00000000FC01}3516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.456{49C67628-0C84-615C-8E02-00000000FC01}10482856C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C84-615C-8E02-00000000FC01}1048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0C84-615C-8E02-00000000FC01}1048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.284{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C84-615C-8E02-00000000FC01}1048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.285{49C67628-0C84-615C-8E02-00000000FC01}1048C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.268{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF2E954A21620CD3794971037C1B0608,SHA256=4DBF0AE0CC727E34CEB0A36B29FAD237D3EA7270947079D2856EAF583AAAB653,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:45.837{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52166-false10.0.1.12-8000- 10341000x800000000000000031404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:48.197{6EDEAD03-FC1B-615B-0B00-00000000FB01}6365952C:\Windows\system32\lsass.exe{6EDEAD03-FC18-615B-0100-00000000FB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000031409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:49.573{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB3D56ACC7FB86CAB609DFB3A5E38DEE,SHA256=6512154DAE7B4265B4CBD855BF79C649AE0CA60ECA013762FA518865775669D8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:48.010{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50439-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000015538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.440{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D41C6930C079067FF35D6D58B5E75B4,SHA256=B5B4195F045B53A75DE9B7440A3989C28DA6246CE2F80C52A8E7ED3CEF65429E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0C85-615C-9002-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015529Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015528Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0C85-615C-9002-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.409{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0C85-615C-9002-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.410{49C67628-0C85-615C-9002-00000000FC01}3944C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:49.226{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A43EC7D5C16AB84AB8435526C5FE6229,SHA256=FEBA0FD28E7D0BE74F5F4FC294C878DD073B5D96BD7844E26657CDFFD7D8614A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:49.300{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84A56FB23C9B6D13EF34FB373FEC5E5D,SHA256=D6690C6E5121EC4EB2E7F5D7AECD55929A2644B1F931DD231C6CDFFEF003BC6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:50.714{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=93182B0692B66F8F8859E07E20FCED61,SHA256=CDB2B7D66527D4D5465CF17B926522D18E78D97BD0E3E04089550A2F4E5992DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:50.620{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE41043402D1157F39F544B2072FFB01,SHA256=57A853EA371BE371B6AE772D4E8EF7F27DAEFD057582CFB839FB3D3E9A1137B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:50.425{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=144371CDB15461F043A7D0C1BDB3F4EA,SHA256=D5ECBECC002B43C6EF53CF09CF14FF79C6258CF8EEBF9FBB8FDE5A5884814CEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:50.425{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=26FF3A44B906ED0E24A23EF1E3AE5426,SHA256=013B43782A055AEB5D8A5140FD0DE598FE2AF368F68B60D45CBA6E1CF30EF195,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:47.793{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52167-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x800000000000000031412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:47.793{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52167-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 10341000x800000000000000031411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:50.229{6EDEAD03-FC1D-615B-1600-00000000FB01}12886612C:\Windows\System32\svchost.exe{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:50.229{6EDEAD03-FC1D-615B-1600-00000000FB01}12886612C:\Windows\System32\svchost.exe{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:51.651{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD03C7C6B44E89F71BD8A9520B8D3412,SHA256=3183F65A602950059DB8CD1DEC98464FA20E8197ADD3B27BF2ED8D80F2C34A73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:51.596{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF37BA1BC8DBD0687BB9229ABBA084E5,SHA256=EC01766AD8DB6210D8BDA3E5DB6C86C7A79C079DF28E437A06F7149FB1CEEB26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:52.737{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFA40E5BAC02EB0E51A242B1B2321DDA,SHA256=FCD4A1858738BFD1288830A4E65E30BA5D8D0DD5E05E4E5CAF154D4A4A305014,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:52.667{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8229E09FB9F4281EAD97028694DBD23,SHA256=C6B8013BE1DC8CF50855EC6964ED89EDE48F6E7FAB6EB4903A8FEAD6E5C9BE43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:53.768{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1AFCC0219DE4B2B41D44D095069E484,SHA256=E565A4D16DE1359B89DDF5CD2005475D447C7EB824A1371B4FA105FE04A92D58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:53.667{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FC5326AED76C7ACC8057EB52034FAEC,SHA256=F270EDE7EA45656C675771F7ACF14813CBEF6C977A5319DD3F5636C8E859132B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:54.971{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21FCFB4DD113095C58085B950C529BD6,SHA256=DA53A1885D459BE0074FC066649D95C8BC5ECB689D7DC097502EE099498EA431,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:54.683{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=917576A84A516A567B6535470485C25E,SHA256=FD399E446425F4ACAEF6AFE5F46D8F5CAE4C49142D0126E22BB4A8CD9DA34045,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:51.825{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52168-false10.0.1.12-8000- 23542300x800000000000000015547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:55.987{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6FA8D5E15FA6ABDCE18EFF44664CE24,SHA256=D96CF4FB452F81193D7CE59155C871C3D06E7ACFE6D3C705DBCBF3E97257F4EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:55.870{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A25290875DB0A04128E3CC266E56F984,SHA256=DB7735607A75476A65D62462AD766BC637C69FACEA75C2C71951443F56A2E2A5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:53.119{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50440-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000031422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:52.720{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255-138netbios-dgmfalse10.0.1.14win-dc-676.attackrange.local138netbios-dgm 354300x800000000000000031421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:52.720{6EDEAD03-FC18-615B-0100-00000000FB01}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-676.attackrange.local138netbios-dgmfalse10.0.1.255-138netbios-dgm 23542300x800000000000000031424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:56.901{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA314718D6099BF23810F9F8E0E618BC,SHA256=07A3BDEFE51E33DA91CBCCFCD23CDF607796B5662B72D04C72EA64692362385E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:57.933{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21777F02965C33A19B6947B9046E5B20,SHA256=87FA28F2C39124E78887848C53C3DDC2CC10AAF82EB4594D67496D0AEF9EAD21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:57.237{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5069655BB96749775F3E823A9115F8B4,SHA256=DCEDD35DD13B811CD938811572827EED046EC55A9F003C30ACD3615E25DEBA47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:58.440{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3D0E03646545D2C9AEC526F2067B7EE,SHA256=30F4F0F2723C9A186872D68D27EBDBFFDDCB681E56E90FCD72C67CDC731E0626,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:59.574{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE8C1AC30DD184C2606994DCDDBB4D7C,SHA256=69BC90DB7810AA007DE0CDE5C17B6704A13A92C87471028E4A2590EFB89465A9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:57.856{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52169-false10.0.1.12-8000- 23542300x800000000000000031426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:27:59.167{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEA0A803BF12138481141B21789C69D3,SHA256=B7353DE4D2A5BC15A1A54475D582E996D882201AF0BCA8AF7B29CE80FC179DFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:00.714{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04DE97ACB42CB7B57D5C93EF26EC9393,SHA256=1EECF6E6E4951CA2171FFC9D1B3AD392E0E4E87EE154E50132FF43D40141F16E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:00.547{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04D91DA7918BAC2B196A616F0229FB8E,SHA256=F0345C7FC0B6A2F3E66D1EBDBEB49E4F93DB5CC5D1DD305D76D6B4980D0C8A08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:00.547{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AEB150F14B90F89EFA1950AC5213C5EA,SHA256=576A750AD562A1838F036D52ED975CE1F7B259E2FDC3457173B9A35DAF86DF6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:00.250{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83B6749048933F33F106600D0E0B496E,SHA256=5E267FA68457955903209FE6988981A5ECE3088BBE050E039AC175C8AD6BBBDA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:27:58.259{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50441-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:01.855{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A275D23521FD7540524822C1FF6848FD,SHA256=1B2201C5DA2A85A6FBF6901D89A277D60E78C13A327F6208DB4D50AABDBEC0AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:01.312{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFB8A7B9C6C8CC8F5B166AADBC893C45,SHA256=F7959810314B0A09A101A3BEA0A3DDADEE06244613FA748618864914264877A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:02.980{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9167826B2415ECA11A65A07BA1A11DE1,SHA256=2207D2CEEBFFBAB765976CE159D5EAB5C188657EEBC7BC55E0E25538305F0869,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:02.453{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F96DD7B550BF88C2B6CE61CBD9E3B37,SHA256=435D84E9BFD51EB9819D7A461E3CE6BD52818330122B6600030ACA05B22CFED8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:03.469{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98524214A2D3709005DDA6230A23C6AE,SHA256=D40B4DCCF9AD52F31F9DF6FEFF6EB2C9667B50EE4CCA0B948581D049E53A7827,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:04.500{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41E063D6DC90250FEF0FE45F4858E45F,SHA256=667822BE9E8DB469503D324D3782599D3A6E59889E7CFEA971A1A274DF8D6334,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:04.089{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C211C11394F8AFA45BFF9E2AEF21C4DE,SHA256=740F7BE9BE6A5E334BDDC0EA1C944590EA0BA730B222E2155ECAE9380F010295,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:05.579{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80B7698BBCC0982844AE4B6453F5956A,SHA256=64C01148A38A4836F69C293BCA81F1DEAF5515489FDDC53F4E64B4DB449B3095,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:04.205{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50442-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:05.105{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16C0F5B5ED92B3EE4CE08E0DA05DA977,SHA256=065969A94713B027BA92B8795BDA6ABDD0D4A89EA4090A95F31C3869B42971DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:06.595{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51D2F293A3B3D8DE24B4E6F34CD486D9,SHA256=00B55D4B7083D2A0BAA4933F63399CAF063A4901CD40552516DF55186FCEB32F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:03.814{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52170-false10.0.1.12-8000- 23542300x800000000000000015559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:06.483{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211005072534-060MD5=9DBD3CF651CAD1963D7DD9E70795396E,SHA256=D00FE5240C0E39CC33FD8ADFFDA13197E8833401D0A3D05F731F6A79B8E00229,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:06.325{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97309076D90F3A517FB85853E5FDE58E,SHA256=00F6FFD363A65065E2ACDA62FE69EAEC6CE4B4C7204425D18FD8DA99AE266DD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:07.489{49C67628-FDEC-615B-1F00-00000000FC01}1876NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211005072532-061MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:07.458{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B83733575082ED6B1D2F94051A13E7FC,SHA256=61F3EC3BE85285E3999DAB6650A8FA87E7D65E1BB2A06AC3140A0F05192D16C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:07.595{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57A17C37E3310A3A026F46FC0B71904D,SHA256=5F9FD130FC953314CEAE786C2EFCED84BDDE9BC469C2B52A805B00F71A753A9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:08.599{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCDCA1E04551C9DA7A3FEE08A22FCDFE,SHA256=F35BBAC0800CC8BABB52898674F82E289478BB8DA45466C0432418E4837F3FB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:08.610{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9CA04B70C37C737EFAC090251705543,SHA256=50B0F6B189233FE32D68CBB63AE750533F6BFA07A6E635D12A8F9415B067FCEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:09.724{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11E23BE1B3171543D4381CE581D1126D,SHA256=9E627A17964FA23C834540C307A5C796262AA00D1049438140EE337F6FA44A88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:09.611{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8BDE18DEDD2ED417941E08DF35FB382,SHA256=822073CF6FA3F1D1436B003A1A119B96694C9679DE1DD2F72E91959071F417B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:10.959{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A7AD292074BB7C72224E208637AFC48,SHA256=8C6CC463FAA432E329E8C130A19F81339835DE58B408EF4911A12D9AFC3A7D8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:10.626{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=625585BA06F7CA53A2C6C82FE960B60F,SHA256=7E6EBB00AF846C0D87EB2DDCB6307645D6272654932F54450E9EAAAC2F96D3BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:11.975{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=654ECF64C7700ECC241D30439ABC5B41,SHA256=3AA1CB04E959F7B03C5371F9D88F463AF8C5E40801EF3C3B62482AFED8F3B02C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:11.626{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E12CBAF4942C10E361F7F004D5EFD17,SHA256=D6F799887223D1C17E76A232861BD1F058F7CE162740575E2C1F6B7A573FAF39,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:09.278{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50443-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:12.976{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63DEFE490490D1793750C07CD9A289D2,SHA256=AC6E8B0786C13F70B1F9413109CEBC2A751431248D69A25D9A7C4BCA5A314D59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:12.642{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4396DD937E17F03BF22C2217ED5D0091,SHA256=6147FAB8363AA19C0949A60E5B50BF2F3B2E18A05079E1977A1CA3551FCAFDEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:13.657{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2010231907E1DAD46A8481997EC782AB,SHA256=CFD3318F2AC2803DD4D80661E2AAB418304E33F4DDA0B1E960D2F32AEE93F941,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:09.768{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52171-false10.0.1.12-8000- 23542300x800000000000000031446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:14.657{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A1EA61E2673D26C3A1788F3363F9F01,SHA256=45051BEF452AB01BFB5699376A254CAF3A775B63B395A30A430034DC4CC337BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:14.211{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4E92460E7A13F1EA0FB9D2EEEB81B93,SHA256=1908BAB7688FDE0A139B1B90867EAEB40CBC4FBD80C697C975E461A69A999E8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:15.657{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FEAE9BD517488DCC8745F122C2EF7AA,SHA256=B8B6E81A51E127F30D11B2DF73B97ED96D7C8757AA754D65F35D841C2FFB8732,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:14.296{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50444-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:15.352{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F464B0F10CC99DAA5504BF6AFB04A92E,SHA256=066BB471275DB8BB475F3384DA889645DF38DDF7A2C7E175EECAA2DD5A2BD902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:16.657{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A99B062815C4DCEDCF84EEB10C2BF32,SHA256=67DE3E593CF825F34836DC935BF595649AB2D0AA572AE8AA08D4A1D431EE4925,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:16.478{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC7C548164277A580389A55CE1CED4F0,SHA256=6D7593665154D4DCE14DF52F492370384A259EF67B3048FD23E305C57428A1BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:17.751{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7601886E398C93768A84CB56A7AA0FF,SHA256=A161C7F4AFDD1FA208E9300155CB96733FDA18AD167D010734E43271DD500405,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:17.751{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04D91DA7918BAC2B196A616F0229FB8E,SHA256=F0345C7FC0B6A2F3E66D1EBDBEB49E4F93DB5CC5D1DD305D76D6B4980D0C8A08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:17.673{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDD9592DB403D5BE44364BE466882DBB,SHA256=5A05D051B8482E9010654A6DBA7128AB4D51FE7FBE63394669AAA629A99A7111,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:17.697{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFFA6153DFBA6EEF83CA9BA11C35046A,SHA256=5EF4C5C3EA7AFBCCB9F49D14F6E51B8450052A756AB8322938B6C0F8CB8BD95B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.767{6EDEAD03-FC1D-615B-1600-00000000FB01}12884808C:\Windows\System32\svchost.exe{6EDEAD03-0CA2-615C-6E06-00000000FB01}5484C:\Windows\system32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.767{6EDEAD03-FC1D-615B-1600-00000000FB01}12881316C:\Windows\System32\svchost.exe{6EDEAD03-0CA2-615C-6E06-00000000FB01}5484C:\Windows\system32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.767{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.767{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.751{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.751{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.751{6EDEAD03-FF5F-615B-E202-00000000FB01}9723852C:\Windows\system32\csrss.exe{6EDEAD03-0CA2-615C-6E06-00000000FB01}5484C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.751{6EDEAD03-011D-615C-0205-00000000FB01}54284716C:\Windows\system32\cmd.exe{6EDEAD03-0CA2-615C-6E06-00000000FB01}5484C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.766{6EDEAD03-0CA2-615C-6E06-00000000FB01}5484C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXERundll32.exe apphelp.dll,ShimFlushCacheC:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-FF61-615B-7756-1D0000000000}0x1d56772HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{6EDEAD03-011D-615C-0205-00000000FB01}5428C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 23542300x800000000000000031455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:18.689{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4282F488849138BAD0DDED7126E896F6,SHA256=1BF8AB4D50CE117355A75F7F108ADADE9CB3A2F7EA1ED6D2A27C5739A042695E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:18.744{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C26C6635F5E91851156D3F2508634441,SHA256=C042EA3FE7AB5AE8844805B0CD1478B402D4AED3F084BB7256BA3DD35464C1AD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:16.284{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52173-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000031453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:16.284{6EDEAD03-FC2A-615B-2900-00000000FB01}2912C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52173-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x800000000000000031452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:15.754{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52172-false10.0.1.12-8000- 23542300x800000000000000015574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:19.879{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B24268384B6273C423C969C4CBE8CB5,SHA256=5676A893E9B98750D02CD07D39284CB7BF290EA12CBD6466B84F891F49D787F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:19.758{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7601886E398C93768A84CB56A7AA0FF,SHA256=A161C7F4AFDD1FA208E9300155CB96733FDA18AD167D010734E43271DD500405,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:19.695{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2CAEF83D1C90FE1A6948ECB78C73025,SHA256=4BD71523050512DE463910F3FCA8CD99D572B8C5BAFA290AA62B79132A7AC42D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:20.973{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F72A3D7123766EFD15E434CF685FB7C,SHA256=67FE2F7C44DF0BBE7974D4C24E92332952C6D773F5BA76DB23DAC1FFD5CD9BBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:20.711{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7CCAD4CF1D2D57E72F646DFFB1475E3,SHA256=A7CBA90D127BC06E9F51820A6DA1928E2D07B2EDD637075E5A66B5368DDB5435,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:21.711{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F0879EEC7556EC91E311F20CFDA7626,SHA256=8E9310325E690B558E6BF1E4658A62967D557650BF4E2EA008969885E667F3B0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:21.445{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:21.445{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:21.445{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC1D-615B-1500-00000000FB01}1240C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:22.711{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=297E4EDA0B61559D03ED42CA197519AB,SHA256=D5AF5FB5B49AF3329613D8A564F4D8F1A8628BA80F61E9A2DA9A72A8BF6D4312,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:22.208{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DD2DB73CFB285F5C72E5825EEAF4E36,SHA256=17C7849349F4914CCCE6E7CCDDFE661A62826A3BD0C8F715D35D660C50A6B234,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000031476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:28:23.727{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML 23542300x800000000000000031475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:23.727{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E52CE8F87AB385466B84720A19F70AFE,SHA256=216B2EF11473695F6635A8496B9466A4122AEDDFBFC6CDF963D8BAA2FF2C190B,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000031474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:28:23.727{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001) 13241300x800000000000000031473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-05 08:28:23.727{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML 23542300x800000000000000015578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:23.256{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E0D45ED0E7BAC8122E6D08E1E1CF8B9,SHA256=F0C5B3EC7DABFC3573AE86911590B578C61D28E72501F9F077A39394CF3D17AF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:20.198{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50445-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:24.742{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=361918E5EB96B69E1D71D3048E9FEAD2,SHA256=44C1CBF96CDC615E97E7BBC040F26282B108D33DA0FD528A2C4DACDAAFF92020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:24.491{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E46FD35068499B377A2A22CF6CA0C005,SHA256=086CC8BEF01B3B29553DD47D0037D59C38BCA5F28D04A8B92EBFF012425572C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:24.727{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=629BF1A01AE0C7D47C2EBEAFFEF761D1,SHA256=465BBD3BB6BFBAE7F5DF9B64B1F4A3140CC158CFC448B6DDA9E0178783B3AE86,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:21.744{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52174-false10.0.1.12-8000- 23542300x800000000000000031486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:25.742{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A063AC2C0D49E956F8A345F269E0965,SHA256=C9B362C97711996E54A04E22792AE0ED86F7072BD9AAA566D2CD800C295C5C1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:25.507{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFFA34BDB81456E384C4D80F0D326B5C,SHA256=CED7141230666628E5564ABAB3ACBFA10D3EFC747F69BC120ABB2FD260A8C88B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:23.343{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52177-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000031484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:23.343{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52177-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000031483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:23.333{6EDEAD03-FC1B-615B-0B00-00000000FB01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52176-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000031482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:23.333{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52176-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x800000000000000031481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:23.308{6EDEAD03-FC1D-615B-0D00-00000000FB01}908C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52175-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x800000000000000031480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:23.308{6EDEAD03-FC2A-615B-2D00-00000000FB01}1000C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local52175-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x800000000000000031487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:26.758{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E6824F0A2E0A84F8CDD3524351CF35C,SHA256=BEBCEEDC0DC23A7E5A74EEFB2A784F702A1090A14DE9C029AD34DF31A7E64C57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:26.632{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7FA994CA3B56EA37E3E82B63A2772A0,SHA256=93D26A40C19047603040D6399AFADD53FAE33D2211C07E63D4FBD7B82496AC6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:27.867{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=644DFCA721D2EC14012E2B2E80C0ECD9,SHA256=B608571C45122D21A02DC7B46840F2BBC2A117109EB383629876080BCE421C09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:27.758{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3745E56A64DD34A16ABABE60487833B3,SHA256=6FBED37C396D46D0FD91F457C0A1A6154D391C1E6CC0C0A97304D193AC91AFA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:28.899{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9C71F1313A006426EF9FD9B2E8FCE17,SHA256=70A89BE77A38616CDC6086F1A86EC2EECC0DCA61A93F1B85E84701BB4EE0DCC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:28.758{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB8C6BEFFA82CFC2D1720FC29F35E66E,SHA256=87F0E457E3066953C7017535582E19AFF5840DB97DE669C2BB0EE4C0C6D67B07,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:26.076{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50446-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:29.961{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=495931C9D3E47C0B68A95D5CF10FB6E3,SHA256=0E5454216E6CD252DD1FA2BD851C835B1E80D97AF83985FC30E352085A43B245,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:29.758{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA761A4DF34786C6D2E7771C472CC3A4,SHA256=77412F73ECCDD7EBCBA79EA47550DA173B446B1AF04128D9E1B6BD7BE737DE5C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:27.744{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52178-false10.0.1.12-8000- 23542300x800000000000000015586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:30.977{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=841126763890E6D9985628132B3D8330,SHA256=4FA60B828B49ADEF7E32EF20DA51865CE0411375384D5DC92A5E0938309859F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:30.774{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=619557719396332A7BA1E86CDC256944,SHA256=8F9DD062D847A9A2A0FF07F0305A6A8A705B341B881EA3C5856AE13F76F685D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:31.774{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=417DEA27071BE6BD1FF7934253A964D1,SHA256=D55832358027FBA6A7B11BCA612EBA1E886836197A07442AFF60FFA9DFFF6441,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:32.774{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4CE1FC27E99957A0D2F729D4A9BB985,SHA256=3F33C1AB29A5379E3D21CF4441BE33AB1EA64C0A67D7455C7D18735C35C384F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:32.508{49C67628-FDEB-615B-1100-00000000FC01}964NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=1018B17AE0456B7A438507DC8B5A7C0A,SHA256=D6189A2E41E7A802CFCAE27176A4D2949A0B67656C0975C9F5D489A21107DBB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:32.055{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CD38B0C0C47D4BE34EB64886D82D6A8,SHA256=77ECFF2D6F8423AA44C0AAA944708066BC33112F571D1CBBD335A3209781A69F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:33.789{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52BE19194D954435F653855EA7A503CF,SHA256=6D87A20627DDDD8A251DC896451DF55488AD172D3D82B2ADD5BD6D81D36E1090,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:32.093{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50447-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:33.274{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=767EFEBBC3AC3C091E79FD959A5A6A32,SHA256=003468C9CA780CE44AF4271003FB81BE057832BF153D43380E605C5B98472420,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:34.508{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84031B8714F7E68E1FFAF44A1CFDA2A4,SHA256=DFEC31759A94FB9D39B7AD5EA167FF11DB552D515B80CAF6C4B07EC70A5BE6AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:34.805{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAB40855E7ED4A3B56DDCC72402D5176,SHA256=2B18E03A7D8360C1A0198596FE4413DDB73DDBE43CF11FD5D3B15B9B7A606989,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:35.727{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40BEE6CBA0434F919FE1FE37BD4933EE,SHA256=E52F1C0E6B4F5EDFAEA0E9175818A202FCE5477B51911D2AAF5DCA831B8A4277,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:35.821{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6D8CB184AB61433CD3C251381AFC541,SHA256=032F8A62D0F58D29DDC57FB5B6C6CF0E09EF96D562A73DA0533443C34DC49095,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:33.728{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52179-false10.0.1.12-8000- 23542300x800000000000000015593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:36.774{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4C35B653699954C3FDDF0325C35C598,SHA256=D083AFF951F81B85169A95AD6550D9708D8E36EB3DDD79B3D1C750F4D2388FA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:36.836{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CACA811CB14AA8F3B62C2B0B05DA479,SHA256=F247E4B991D50B40C030558A7696C024E4493D1DFFBAA2640C49E7CAD0141EF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:37.993{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6162155A4D3219939DC3057002D47A7,SHA256=0BA8B41006B4C9A6BBF15FDF8069CE07F6780E2C365FACC6DE940CE06774B7C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:37.836{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A88B09B4F3C369C97A015017D583BE68,SHA256=67BAE3825AAE4C332B15B1FA8EC90BB844A4D7C16B5F0ABBAB4BB5BD2E57DA01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:38.836{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53AADFA9AF77D87050138917264B962A,SHA256=3DAE1D0D7BB50D5D589B8402D8626A21013C29E2328255229752964078C24620,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.841{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE347002F9CC8855A3B9830208C63B71,SHA256=6ED99E264BC704CA239B420E6378830F7307A2124F181F4CD28E39ED123AE730,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:39.133{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA01814E29FBB9D14DD6BBBB9DE02FEA,SHA256=D991AB952474895465C01CA852FF7FFA39769AF6B9E111E1A13AB3388F708F5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.731{6EDEAD03-FCBF-615B-AF00-00000000FB01}416NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.497{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0CB7-615C-6F06-00000000FB01}5608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.497{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0CB7-615C-6F06-00000000FB01}5608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.497{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.497{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.497{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.497{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.497{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0CB7-615C-6F06-00000000FB01}5608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.497{6EDEAD03-0CB7-615C-6F06-00000000FB01}5608C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.856{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F119C073288B49F80DB3D5747B9BEC0,SHA256=FC7BCACC1EF7E83AB920C00174A5B88BCF731DA9030019444908C2B5F29042FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:40.274{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8301472BB635804C341A3A575F745ACE,SHA256=B2EEEE6C28173A93B797F9DB319CE024AA7DC169566458600E5E2878B13FD71B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.841{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0CB8-615C-7106-00000000FB01}6152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.841{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0CB8-615C-7106-00000000FB01}6152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.841{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.841{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.841{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.841{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.841{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0CB8-615C-7106-00000000FB01}6152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.841{6EDEAD03-0CB8-615C-7106-00000000FB01}6152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000031523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:38.806{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52180-false10.0.1.12-8000- 23542300x800000000000000031522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.512{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=181086B1D3D89CEC6E84A9FC787A4E3C,SHA256=3519D479A4B4702B6FEB54A5398584336AC783F42E281B38E124C47AB6C3895A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.512{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7FDFB788F5A4493558CB92D3F6BE2E47,SHA256=A553D945400EBAD7C681D46D5699EB68FB08C36E2AD3D7B2F1E61ADE30099508,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.356{6EDEAD03-0CB8-615C-7006-00000000FB01}6605244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.169{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0CB8-615C-7006-00000000FB01}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.169{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0CB8-615C-7006-00000000FB01}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.169{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.169{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.169{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.169{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.169{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0CB8-615C-7006-00000000FB01}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:40.169{6EDEAD03-0CB8-615C-7006-00000000FB01}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000015596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:37.234{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50448-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:41.872{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01665228A9F837A05316A5DBED7E1938,SHA256=40441897154A15AC59D2EA38948D8F052E7ABD3E50D17EB3E5979B588228E999,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:41.289{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE07AA8DD1107B0DC088235AE514F617,SHA256=543C4DA0851C9499EAEA43A51406BC18FDA23B4CD98D2A50395B90454C674EDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:41.841{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=181086B1D3D89CEC6E84A9FC787A4E3C,SHA256=3519D479A4B4702B6FEB54A5398584336AC783F42E281B38E124C47AB6C3895A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:39.311{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52181-false10.0.1.12-8089- 10341000x800000000000000031553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.950{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0CBA-615C-7306-00000000FB01}6188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.950{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.950{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.950{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.950{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.950{6EDEAD03-FC1A-615B-0500-00000000FB01}412528C:\Windows\system32\csrss.exe{6EDEAD03-0CBA-615C-7306-00000000FB01}6188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.950{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0CBA-615C-7306-00000000FB01}6188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.951{6EDEAD03-0CBA-615C-7306-00000000FB01}6188C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.887{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=767EBA2DCB00DDB2848D09408BB19B09,SHA256=2A00F4F699638BFB28A0334A16F67D4BD9BAE18666B01C21CAAE367C8CC17205,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:42.289{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=314793834D3EE6CFB9D9096345D85874,SHA256=3394441C339D207C6E085C4EAC0704202F0547FA0E3F03601CC5B7454B92BEBB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.622{6EDEAD03-0CBA-615C-7206-00000000FB01}55885328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.419{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0CBA-615C-7206-00000000FB01}5588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.419{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0CBA-615C-7206-00000000FB01}5588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.419{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.419{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.419{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.419{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.419{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0CBA-615C-7206-00000000FB01}5588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:42.419{6EDEAD03-0CBA-615C-7206-00000000FB01}5588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.950{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E89B7B2727B768361A0B271953D4FFD,SHA256=56769395DB9E09D69D5367CECFED12CE43B5D53737B35100D2223533DC9BC249,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:43.336{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=316C80AB2CE6C5B2056FB2E41E4E5BBF,SHA256=F1C09DCF20F8C55F2F4D99869C025171FF730C14A0A5E6FC5B85D55E5B5CFDA2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.669{6EDEAD03-0CBB-615C-7406-00000000FB01}56245336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.497{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0CBB-615C-7406-00000000FB01}5624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.497{6EDEAD03-FC1A-615B-0500-00000000FB01}412428C:\Windows\system32\csrss.exe{6EDEAD03-0CBB-615C-7406-00000000FB01}5624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.497{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.497{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.497{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.497{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.497{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0CBB-615C-7406-00000000FB01}5624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.498{6EDEAD03-0CBB-615C-7406-00000000FB01}5624C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.434{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7FD550214578735B558EBB4224BAA8D4,SHA256=E75851F17DF2873C2AC1612386DF8BBD5577D3D37AAAEC765AA55BE5B8FC16D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:43.122{6EDEAD03-0CBA-615C-7306-00000000FB01}61886216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.981{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D7F4D6B4D7E6EF12763FD960CB1A67A,SHA256=29B4B60399E66560ADFCD30D40D0F8980E6920E2BAEC9EC62E7C820E50B87D48,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0CBC-615C-9202-00000000FC01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0CBC-615C-9202-00000000FC01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.930{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0CBC-615C-9202-00000000FC01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.931{49C67628-0CBC-615C-9202-00000000FC01}2988C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000015615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:43.140{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50449-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.352{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=234F81398F3DD8641FB732681187E044,SHA256=9B1489EE359BDEA3B45C54731308838A288D4212F8008A26F701CF2648D236EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.512{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF20D871EC04B7FF86BFB6D8D80BA756,SHA256=16BAD340A96C9E0A8650E85EB4440C704DC44646E43F6C68B4A537126F6D1EC2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.122{6EDEAD03-FCBF-615B-B300-00000000FB01}23322960C:\Windows\system32\conhost.exe{6EDEAD03-0CBC-615C-7506-00000000FB01}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.122{6EDEAD03-FC1A-615B-0500-00000000FB01}4122304C:\Windows\system32\csrss.exe{6EDEAD03-0CBC-615C-7506-00000000FB01}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000031571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.122{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.122{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.122{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.122{6EDEAD03-FC1D-615B-0C00-00000000FB01}8485000C:\Windows\system32\svchost.exe{6EDEAD03-FC2A-615B-2A00-00000000FB01}3064C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.122{6EDEAD03-FCBF-615B-AF00-00000000FB01}4162296C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-0CBC-615C-7506-00000000FB01}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000031566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.123{6EDEAD03-0CBC-615C-7506-00000000FB01}5932C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-FC1B-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-FCBF-615B-AF00-00000000FB01}416C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0CBC-615C-9102-00000000FC01}1804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0CBC-615C-9102-00000000FC01}1804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.258{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0CBC-615C-9102-00000000FC01}1804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:44.259{49C67628-0CBC-615C-9102-00000000FC01}1804C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:45.997{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7415D6CD60730503D7A35B4DB9C24EF3,SHA256=0731AE5E584BF4EEDACF1F00F2830DF4EC4D01D95714850FA2F3C46E7A111437,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0CBD-615C-9302-00000000FC01}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0CBD-615C-9302-00000000FC01}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.571{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0CBD-615C-9302-00000000FC01}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.572{49C67628-0CBD-615C-9302-00000000FC01}3044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.352{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B384E9B20A785AB861D5FFBB82B69E95,SHA256=C89119674AFC912BE2487B49ED306F96BE28A9D414DE0A8872568FB37C2E7CA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.305{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=44C7D3E2784B88CD87364114E272C7CA,SHA256=F7183632DE525B786492B12A3A41DD1E524595CE0A0689FF5021B046AD286D28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.305{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E653F523176D67235CA629A3F9AF5B30,SHA256=4593A524A32C052DF1CC55470A0962AE502FE49EA5C5E82ED300C18A57BAE44A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:45.102{49C67628-0CBC-615C-9202-00000000FC01}29883328C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.805{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=44C7D3E2784B88CD87364114E272C7CA,SHA256=F7183632DE525B786492B12A3A41DD1E524595CE0A0689FF5021B046AD286D28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.711{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1EEADA2112F452D93FF459F772F80DE,SHA256=4510B3E1DC85A4AC68B2CCED37CB1857EB1B3D77A31749E37CC9EB787E68DD7C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.570{49C67628-0CBE-615C-9402-00000000FC01}27164024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0CBE-615C-9402-00000000FC01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FDEB-615B-0500-00000000FC01}416432C:\Windows\system32\csrss.exe{49C67628-0CBE-615C-9402-00000000FC01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0CBE-615C-9402-00000000FC01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:46.399{49C67628-0CBE-615C-9402-00000000FC01}2716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:47.992{49C67628-FE68-615B-9F00-00000000FC01}1772NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:47.805{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05EC175CD45C541A02D4E4E01A98FE19,SHA256=77CAF188A556C75C9E729D184F8D54659D092A719679220ED40EED4736D820A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:44.811{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52182-false10.0.1.12-8000- 23542300x800000000000000031577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:47.216{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F519A2422A72F4B6B7F6C4BAEB98C9D1,SHA256=A3684AD2037E7B86B26A7D83F88369625BC2EA9F9D0814A370C8E3F69AEDB4B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:48.450{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64571EEBEC26FF245D632108DAA53719,SHA256=5E9BCBF7C67846235453FCC53C9B3DD9943F4DF01F2C7F7DB6927038A6B4F73A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0CC0-615C-9602-00000000FC01}3428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FDEB-615B-0500-00000000FC01}416532C:\Windows\system32\csrss.exe{49C67628-0CC0-615C-9602-00000000FC01}3428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.789{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0CC0-615C-9602-00000000FC01}3428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.790{49C67628-0CC0-615C-9602-00000000FC01}3428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000015677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.524{49C67628-0CC0-615C-9502-00000000FC01}30643244C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0CC0-615C-9502-00000000FC01}3064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0CC0-615C-9502-00000000FC01}3064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0CC0-615C-9502-00000000FC01}3064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.274{49C67628-0CC0-615C-9502-00000000FC01}3064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:49.528{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2561FCD67660D44C30E703C1E84B4B0A,SHA256=0EBBF8C88C4295E42CC85B9B2C0A8358C1901FBE33D311728FF01FF5685D2234,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.249{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50451-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000015707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.031{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50450-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x800000000000000015706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FE68-615B-A300-00000000FC01}33563576C:\Windows\system32\conhost.exe{49C67628-0CC1-615C-9702-00000000FC01}3496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0C00-00000000FC01}728864C:\Windows\system32\svchost.exe{49C67628-FDEC-615B-2200-00000000FC01}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000015696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FDEB-615B-0500-00000000FC01}4161032C:\Windows\system32\csrss.exe{49C67628-0CC1-615C-9702-00000000FC01}3496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000015695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-FE68-615B-9F00-00000000FC01}1772588C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-0CC1-615C-9702-00000000FC01}3496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000015694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.352{49C67628-0CC1-615C-9702-00000000FC01}3496C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-FDEB-615B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000015693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.336{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61E4A73CFF15A18D5C459A135933B868,SHA256=4EE69981DC6EC85D22B35B9C3E2A3ABF21F2B7311EFC009C89E9902A3AA4A769,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:49.133{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1997F0589FAD2D451CEA3AAE6DA69E1,SHA256=BBBC0FACA8EB981E6C29592939E30749EF125E2EDE65BB23097FF563AFA03B1D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000015691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:48.993{49C67628-0CC0-615C-9602-00000000FC01}34282732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-FE68-615B-9F00-00000000FC01}1772C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000031580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:49.343{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211005071805-068MD5=AA6F78CCC35FD74424B933C975A9F779,SHA256=482DFC86E7C4A11E76E3E352EB64B396C84C083D9F57F37823883232EC55A225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:50.761{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D3094E870D2BAF44E046B07436719B4,SHA256=2F5A10ACE2DEFAF1FAF6243A35B07EA57F58B2106D6EA557ED9022A81F775AFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:50.383{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E5790B689D6B2A936207D2F377EF9C15,SHA256=4E8B41F55D0FC1223E1FD97B23190199C5CFA2A8C2959C2FE0410824006A6B01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:50.242{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E5DAFF3B2C60B212EE700D8B7049CAF,SHA256=A557F424A153DC9F6A31C94185A2C8DD21E10F8A2484E5AEBAC37995AA2661D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:50.729{6EDEAD03-FC1D-615B-1200-00000000FB01}616NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=448AF4D0D2C4A88699223CFAD53921D5,SHA256=EF418351ED0EA329A307EC2EE1FE4CAF8480D1CC68D850302F2A2985AF2F6B64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:50.357{6EDEAD03-FC2A-615B-3000-00000000FB01}2280NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211005071802-069MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:51.779{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=589922FD318DC42265CDC01AA1407AC8,SHA256=0BA74F743EAA968D44C589628F0BC1322AEADB6F566306C5DCBBC15E3D9382CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:51.383{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6731253DF3D54F75D23EC0D3C9C88ED4,SHA256=92392C876B910D2080810CC35A08A741699AA39452029801BDB42B57807208E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:50.827{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52183-false10.0.1.12-8000- 23542300x800000000000000015712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:52.430{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2900050B5C1D466C11BE6D1EAFF58942,SHA256=66C26DC9C366B8B6022395C687CAD89C3E111A67D807F9411476BACBD3193E53,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6E-615B-2103-00000000FB01}5980C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF62-615B-F802-00000000FB01}5052C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000031586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:52.373{6EDEAD03-FC1D-615B-0D00-00000000FB01}908932C:\Windows\system32\svchost.exe{6EDEAD03-FF6F-615B-2203-00000000FB01}6020C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000015713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:53.430{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE97D5BA3AEDB6DA21AED2420DD3F239,SHA256=5CC97EF27B54D0182341AC09EA2C11F7F7EB828A3BCEDF1AD78AB14094D16E92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:53.061{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F23B01D29FE3698E1145B5F66BC3652F,SHA256=52433FDB8FB8CD8A7B4CEA991DF39A7ECF785FF5CCC9E303D4C0EAAD15FD387C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:54.445{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=785B2EDEC3759452BA1D35DF7B4A0E1E,SHA256=D073342B45AB9C4346D1EDE6783E5EB28EBE4CFA957CB2D40F6684B3CB990472,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:53.998{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB4075992A8BD3719FDC69C19F266424,SHA256=F4868D8F4CD3405B48258DEC9C35FFDA8B52AD69289595A917CE1D7C96133864,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:55.461{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B415A331CE264086E4A9FE1F8C7A7991,SHA256=4F7133636184FD166343D64F9BD6784E45290279F135D812AA4D54769F88D1AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:55.092{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31C89B5723545CBBB45F3AE6DFF53B7B,SHA256=3689A705A70FE1BAF4875A48C642974A85B1D52DAD6ED97AF34D08BCA73B6C7A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:54.108{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50452-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000015716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:56.476{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E24BE270F45C70C4877A8B48A1A7B1C,SHA256=84EAF523F87559EA0BC783C2021DAB71E8A78B5DAF100481FE3D3D7CB408075A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:56.107{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F25198430F098A933BFA7B269BF4D29D,SHA256=3C741F7AC75710BC1290320484A896F5910C1FE0CACB9D9EE5DF15B96E7F7156,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:57.477{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D78782C58217B18B26CF7D5103AE468B,SHA256=DE5731590D3722BCEA6375CFA26107F466E443AB77BC4A25D90A5448537390E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:57.123{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52A14B146599EACE67188B71625BAA9C,SHA256=5CC1F0B51203C803404373F1DB2844F24789E8B489F3132C2D6916BC2F9A0CB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:58.602{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5830AE457382622E48609FDDBD70DB73,SHA256=858D34B5AB3CFEB71946867E712513856891D4A962E0400A29CADE175E6DBBD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:58.170{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D6BDB387D68BCDF0C1624AC42F7CE84,SHA256=55A88817135C406E62665AB556A06CE4B3F135D7D94E6041B4B12349080B6F9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000015720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:59.834{49C67628-FE75-615B-DA00-00000000FC01}2020NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C0A7DA385D591BE6B38AFC71B58A452,SHA256=4E1A4FDCB18606745B438978F16928EC20CF4F5719F99CDD171F3DB2FF60C8AE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:56.718{6EDEAD03-FCC6-615B-DD00-00000000FB01}2220C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local52184-false10.0.1.12-8000- 23542300x800000000000000031626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-05 08:28:59.170{6EDEAD03-FCCC-615B-E600-00000000FB01}4048NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30BF1F92FECF3E4EAC4CAF7364348892,SHA256=6208759BF7990BD72E6C1B6C5669919BCCD3C59C6FB5A6557266C7B7CD5220B7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000015721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-05 08:28:59.249{49C67628-FE6F-615B-D100-00000000FC01}976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50453-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-