10341000x8000000000000000238120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E725-615E-7F01-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E725-615E-7F01-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.940{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E725-615E-7F01-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.941{6EDEAD03-E725-615E-7F01-00000000FD01}6584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:09.440{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE4937DC2A82D2FE4516C70AD968BFC,SHA256=118F195C39CFFD0E14D81DAA57AB3AF7B14E19CC8F499BBDAF7BEEBDE448191A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213300Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:06.837{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49984-false10.0.1.12-8000- 23542300x8000000000000000213299Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:09.131{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED61C6D53FE5DFF9343142A4B86BF2BE,SHA256=734CC073CD3B31A12231A4EEDB5250D5CD31CE07EDEAD77B654B465867E17C3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:10.940{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D13ED02C940DE2E1B7B2CC5C59DE357C,SHA256=8DFB1D648C85C8FA1CE725D30291F859E40B936CB92F8721539FB219DFA9C8D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:10.440{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D19A4FB0EEDB6647ECCE984AF9F153A,SHA256=ED8123B9D77275422FCA69C0283A5A4063DEFF07B3269BC3FEC397EA31E33AAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213301Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:10.131{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=928F3969468DF0D4B309CEDF1EE44A25,SHA256=9F5C6C02177FDE6450B12584643DC6BB32B15427C04BCF620234F20C9B75CA83,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:10.193{6EDEAD03-E725-615E-7F01-00000000FD01}65845124C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.776{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E727-615E-8101-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.773{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E727-615E-8101-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.772{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E727-615E-8101-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.772{6EDEAD03-E727-615E-8101-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.477{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A537A7CF4B2C15565EEE88B341E5C0B,SHA256=47864E7390DCA6202900CECA9D3DF1491EC99B255D92121174F91082DA3F06CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213303Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:11.133{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19F3A9D2CDA9E9C838830DE9006CEEFB,SHA256=3393CE08FDC378F770674B0BE50FE9281C3457A5C68B313A4FF8488B478D5075,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.340{6EDEAD03-E727-615E-8001-00000000FD01}3445852C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E727-615E-8001-00000000FD01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E727-615E-8001-00000000FD01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.109{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E727-615E-8001-00000000FD01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.110{6EDEAD03-E727-615E-8001-00000000FD01}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213302Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:11.089{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-022MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E728-615E-8201-00000000FD01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E728-615E-8201-00000000FD01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E728-615E-8201-00000000FD01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.524{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.526{6EDEAD03-E728-615E-8201-00000000FD01}5996C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.493{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7BD1CFD8642CE8DFA6FE69EE3F9C02D,SHA256=A790F2A0DCF8C387ECF2D31C52B28E620FE250E79182222B3A616C1BD3ED87E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213305Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:12.149{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A580C918225B2C9A9DE200256995B08,SHA256=0BA04A69C89072DC21063BF756CFF6986A046919388046711261D47FBAC20EFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:12.124{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5DE211FE4198CB5B7C3E36E28D20CC10,SHA256=8B861E619A368A3A38EF0AC5529A409194B23749619FC27C215B9174C72D1E8C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.993{6EDEAD03-E727-615E-8101-00000000FD01}65567088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213304Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:12.103{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-023MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:11.980{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64807-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.677{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=5D3401EAE44C1004A8A899737D6DB512,SHA256=7CB0FDA7354FAA93A4A53A4791C1059918EFEEA4FF1A3A24A17C70B7A322752A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.672{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=371F5220BA72A2A7BF661D03D32BB9B8,SHA256=2A0A6FC5434590E49CC10C76EC6AF7426C172FFFF639DA97540994141D494FBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.655{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=45F19DBBE50B09BF3399083DD9550517,SHA256=2C2A1CCF320568641A5DAD95838B5529E270463081A1E52366F2F86BBD930619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.655{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=7C011A86854973D35A3C2517CE72C8F7,SHA256=0A136CF50DDE34085B1E025C54C9E2517664837EBC9FEF5AB5C79441C10AD607,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.655{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=D814916E9EABDC88F9EE11E44D0F1D63,SHA256=302E5783D73CDECDD351F067A844DDC05E2BA97D94A7437BB07A7B052D714B2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.655{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=3BC70E0C20C811F54C897DF0B7E559F9,SHA256=320D12582A358A51D354577D8D6261C1A26B1B6B2653A0FF1D993F992F2794D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.524{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F863238F7234391FBC127046355ABF5C,SHA256=9784778DB18EB357DA75D9A3077BBE856F681F5570A7E9D5E5C83F7652F7CC62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:13.493{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BDDE3C23E136059CFDAE580E1E060DE,SHA256=B95274FBFC710A8AE25E71C84221BD8F81BE4D09B3ECFEBE556613A7B65CC73C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213306Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:13.150{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84DC83E3B79CB48442D0D47F6E9B3834,SHA256=27A4AF806FAA9954A79DF568DE3A3B5D56B72DB195F424BE91731546F0AC8AFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:14.495{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C950CE76A3B37D412CC8D532156D62DF,SHA256=E54363E3EC390182A5A310442301BE87CC5804A5D5B00006C5C13527FEC43F56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213307Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:14.150{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E52D0F25B96B368CA433EF361782E526,SHA256=CFAB0FEE9CFF61066EE078EC110989D2FDC88EC12775E7402389282FCD3DC8CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:15.510{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEC964949469EFB71BBE36E20584E89F,SHA256=0BFB74F9203F58D0B9766C82E4C7523D8E6141055211D52E61ECA1F69B15CC16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213308Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:15.166{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E291D2262E91F0D21A9A58C9970DE5A,SHA256=251C71960145B02F4E496F5D828E1EA38337D7C2E47DC9139F4C6D45B38300E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:16.527{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04C36230D47103126D18F390A529BBB1,SHA256=5780C9CD1A8FC7A9CFADFC7220B10D7EBE7D1F60809369B9C3FE0A1F84E3BDC4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213310Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:12.761{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49985-false10.0.1.12-8000- 23542300x8000000000000000213309Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:16.166{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D014651E883A1F545BE6D53AD7C826DD,SHA256=614BA36770FC804A7A99DC347324731C41205EBC78214A4D0471D29962AB080F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:17.528{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D2BCEC25029A0F7FB6051E57C3638A2,SHA256=CD23F30983E0FC3758D24D7C9DD4B2ABC5B767825B7A04F5830A2B4A5D31AC0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213311Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:17.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C81301549CEF2BD4B0A5FFA3CED1A88,SHA256=5E84DDD6AEC7A3ABFB28B25D30AEA09E96FDCC4EC1FD9F3F7F5A5E54E01026E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:18.542{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=244C4E24C300F68CA26E678DD41D57F5,SHA256=9530B8D640E4F92E2319CD59A96DEBB9E61BEF507A4D0F5E5EB272518A94CBEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213312Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:18.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D73859A07D61458738ED982576A1FAB,SHA256=788A9DDBE59EDC0B9FF9251C7D3645CF21116C9964729840D7C13C62120499A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:19.558{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE2CC3E7962AED408F6EE32CBE391B24,SHA256=EB67375F159D21353F17AF373250E9E8A8710B73EBA00D1F770F33D2C483A108,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213313Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:19.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC493C31C7B309494363C454520013E9,SHA256=5A78FDC62E1B4351EC1186E52CAEC297D2FEBA24CBDD4D3192D1D5E9D0C82D86,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:17.136{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64808-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:20.558{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15BD4CD19ACCE97A03E54DA4957301CC,SHA256=F385E2E3523C13F2706E16A7E7E46C4C879E2BC7E147BA23022E4E5E2BE1BB9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213314Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:20.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99CF6901E22CBA09F00BA2ECBF566B8D,SHA256=1D18CBEE74AA0007B1A4C26B53B0A306723C402EE000C8CDB3B016F31ABB9EB4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:18.714{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49986-false10.0.1.12-8000- 23542300x8000000000000000213315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:21.167{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F547DAAE22030473F71B22C461ECFC37,SHA256=68C9B20074CDF674295F3FA32C93D5F1B6C0263BB16B86BE42E424EC9105DFB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:21.559{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F07CFED1AF02FD84CE12BAF94310A19,SHA256=9B23899DAF5A018760DCB5096149ACDE28B873F85F500B2ED82759764997E772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:22.560{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27DF5D2F41640CE81956E3A40D5DD072,SHA256=790221F937176EE6F472D07C8763BDD5849CA61B059E176819B0EEA9E4CFB684,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:22.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C18BCB5BBEC3BC4AD5899FFC2583A03,SHA256=4151F50FE7F1FDF9B6BE91372FDBDCC69D0C8E75AA5B98370D3C44F3C6E4155D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:23.578{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A45ECF136CBF45CDE6B838FB742393D,SHA256=1013F3B743FA2F81DA04A455C5A98864677593C7C1517BB20EA51592FC23B4C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:23.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45EEC5C3BAD095F66FA0C1888000E0C2,SHA256=C40BC5DF9238E8A90BB7BE0042F38C49FDC45CA97E2E97DC399D72186A31E8AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:24.595{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=271DC5DE8BB2CCA6779A3CD89DFEBCD5,SHA256=031777358EF0A8AC4A809509E118611BF02EAEACF3FCC07A1D3767EA35A88945,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:24.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E6AD2AC14E756EC1F56B55EAF136629,SHA256=B861DF59128E857722D4A2A69B34FC7A533235A144C6D91E4B80CC332478AC69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:25.596{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF2B24392BF605A351155CCCD7950768,SHA256=9699A2837476DFA2E256172A3184B40828BE1F979104742A5C9CF500E1F939E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:25.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDD5F19DDCC4B155617FE113723E1C42,SHA256=0FF25ED04E69590867CF754021A564AF5CE397BB6BA48F2468B39DEF28CD6A44,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:23.037{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64809-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:26.611{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DD32E3AB9AF2CDA4FFAE45D1025452B,SHA256=4ED24F29A5F425A89FB3BBB8F0B44B96E3117B1BE3C7C4C15D81B789EB46F41E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:26.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=798322F61A9F07A74932219FCDDA9186,SHA256=87141481F2645699A40DFE84FB39015452CFCFDD67B863AA9BE7EBA41694DF0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:27.616{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=689BBAB1172E1E10D64271F0422F34A0,SHA256=3727D60E82E10608D22C6ECA394662BE678DC6D9146C9BE55F60D432988A1934,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:24.699{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49987-false10.0.1.12-8000- 23542300x8000000000000000213322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:27.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCF2AF2A0F612B19A9D1C94F224B9A15,SHA256=D2D84D0EC5D5520F4BFA7723D21FEA38540A80E00430AE47A5B8272ABDDA9E48,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.683{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000238180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.683{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.683{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF15f650.TMPMD5=C58952CF47A40E878145002B738FDDA8,SHA256=5246515B04772B58453EE8E8C5C9C6E9F2B2DADF381EDC92D5E1CAA1130C1630,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.630{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41C73B698492475B786F35F96DF709B3,SHA256=540E62D64C9CFD7B6F6B74898C38E1A8D88AD697303D09E42FEAD4F00CDBA166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:28.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0078E165E25D8E74B6E85E65040A0958,SHA256=5E3656616C4FB2D9ADD02D428839E6F96784457C4BE6A7FC226EA6D253CF754E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:28.087{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64810-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:29.647{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=643E4A88F2B83CE3A4041DAD60A54055,SHA256=8D568C1768C2930DEBCC97C5A1CE73DD2B04944AF51A9BEAB1A82CD7B478E432,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:29.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B367782A3490A34DAB963EBFAFC566FC,SHA256=33E76BFD31B05CFBCE5CA5B91F4835D4C103D60F4913DB58334C3E726DA33F85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:29.381{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-022MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:30.647{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52A5155D98A98433FBC8272355BFCF6F,SHA256=B613E5C5FF4F56BB4FFDEBDD07A635C577C2D98AFDBBC65F126B3E1118ABC434,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:30.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E94268EB870C49733EF048D9F1434E96,SHA256=BB0E11BCA52850AD0237548F86A2258229A2EAE33B2CD675F7AE7D27A39A39C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:30.379{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-023MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:31.648{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36564D373447C637702FB7A3F19ED0D9,SHA256=578DAD59EEF63AE40DE1A35BDB8DDA1DE0BFA4219A260F56C7D48353E8F7E701,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213327Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:31.169{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A21B95F9CBD2824B619B52F8054231D5,SHA256=BFD4070911BEF34576D252B077F8ED538E4E5CB188BB2858490BAD772F74D777,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:32.668{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FC78284BD6A8E9855C6C23FBE541D2F,SHA256=EE50429FF036849BEF5108A592A5018C1E9930D91F289AEFE8305D732AD4A0C4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213329Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:29.746{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49988-false10.0.1.12-8000- 23542300x8000000000000000213328Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:32.185{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D6DDEBE3941B50547098753C9A51D20,SHA256=CA10DA29465992189DF6D644CB4D9C807B629B2C16A548A67FF565AA8FE61E60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:33.705{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDDE1488626439A4A7F8840EDA337953,SHA256=60973BF07071F0C97CADA44B3C51E7D15B08A3C8B97C370F872DF36729CB89DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213330Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:33.185{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17EDC82D36F4DF0761BD414CE42B4EB4,SHA256=0B915441415AFC429AD0E049D35389A1468E35E92203E0B10CAE21A0E9615FA2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:34.720{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=632AADED4BAF09388AA27BA3B15B07A9,SHA256=A36C70028D66C8571F03ADDA0745F6376085B24CF429BDEC3307329E13C4866C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213332Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:34.998{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=DE5E090438AC1941686187C4EC4C6070,SHA256=CB1F0465047129EE0ADDD9A30603B3453DDA7CBFB3EEF30DE2F50098A854EE60,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213331Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:34.186{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F3B7739061AA0E72DDDF2443326C938,SHA256=EFABD0577AB4DBC1E99D051342D5969E8C9848AF74D14EFF3D174EBBE4D3D0F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:35.735{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30C3A146563D7ED1714E48DB6C7BAF5B,SHA256=031613C66BD55FDF419FB6F45D90D53785A92E147A98FBB11B96FC626DFBB2F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:35.201{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272AE2E8D4B3530AD11BACCABED5DF10,SHA256=FB7E30B190AE08403DD0CB17F4349F66F908D78B37C6ED2E7FF589D801A5F594,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:33.096{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64811-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:36.736{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBED116BB56AB277AB4FF9D2C5562753,SHA256=0D3F22042FAB6374D4C2426B40BD9E82D2229809CEE0C7AB0D8DAEA2BB04002C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:36.201{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95CCF9917991A7536CC23102AEBD8A07,SHA256=C650DA64543DF3FDCA7B9C7A5357721486D7DA4F347F30989DD1A50CCA9BA483,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:37.737{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8CA000DD2B94B6D2C5BF75C92175271,SHA256=4A52C3C56A354B161373D7BD8920ABB1879B26F6D66936C4784AEB0C7627D345,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213336Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:34.824{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49989-false10.0.1.12-8000- 23542300x8000000000000000213335Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:37.202{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=955117729AA9FC1611C11A7E07F4AE2E,SHA256=E275441873133080195943B5D5860F1358AA764306893FA17D6068FE7267DED4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:37.106{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E9C5969816E6E9EFFBBFCE31576052B1,SHA256=FE46E5645305CC5928592A347D97FCDF36AFADB595EE2F344EB13380F35DE0CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:38.755{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBE1484B479794938F74F3C86FAA6644,SHA256=1EAFE74BEA6A151059CD3C2E850C3C906C18A2D8CDA5A69475076C3F3C527D24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213337Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:38.202{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1381B172F9BDA03D81B549002B430E0,SHA256=69FD4E77CF27ADCCB99B5558FC974BDBF93DCCBE03D44A9FC17FD4C7391C6F7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:39.770{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67A7A109B73614BF619993381703B7E6,SHA256=BE6153D609DBF08A74E3F7FDE829A0386ABB34C589DA67911B55986F7B60B55E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213338Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:39.202{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=457C6E4105384837018AAC687A23731D,SHA256=45FFE9B2FA52AAD2679E667BDC457FCBCF75DB8E7A6AB067999D31665A6145D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:40.772{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BEA3448ED87A743ED42B9D531490CF5,SHA256=2CF8389393009A1012159B5E8246E0039BC9A4CBDE68F5513991FE6BBEAEF552,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213339Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:40.218{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F5C31D32E79F80E7DB747E3879BAA5B,SHA256=A23B681F227EA8B56006FBF00794EBD0C2647A7B88AD9D93651AFF4477D83291,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:40.571{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:38.979{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64812-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:41.774{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE34158B3111F6991EF8FA6B728F5BB9,SHA256=C44D8484A336252FBE4049021AC803EF7E34F8AA0F560537C2D7864A8FB638D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213340Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:41.234{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D2835E758875CB0FFEEAA3577A6D126,SHA256=B1BD06B4948FCF7518746E5B062790693364F3CDF88783E0A98A2C6C6F8C229A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:42.777{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E65989CEF9673A285A89037974F64AF1,SHA256=9E35883753D31DED413FBFA8257144B9F85A4AFD03ACBAEA5BB52241131BA889,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213341Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:42.249{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C09CC9A76FB403FC6FBEAC413740AEB,SHA256=B9758EAD2D13BEE4ED64499ACEDAB25D57DBFE593DE682EB8F99B3884CC15BB9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:40.465{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64813-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000238204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:43.778{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A4854CF33686CE98E2F0E6DFC45E7DA,SHA256=61A6AC0715BD340EED452F1D92FA94532476A58C41377B124BDE6CA0EE52EC44,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213343Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:40.746{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49990-false10.0.1.12-8000- 23542300x8000000000000000213342Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:43.296{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=086D5490B7D885084D874068B4AB9AF2,SHA256=1639A2852E8A0FDC89F07B84301461918FC7BA359616948B056B01554E35E731,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:44.796{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E8CDDCAFADCB16322C9995E98BF496F,SHA256=4DA7005316029DBE4266DEEC5E292D5DFB7C8583FA8A28F1C0A67F946C52F272,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213344Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:44.312{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB73793560E54739E94CD8FBE560A4BB,SHA256=6D0EAAEBCB12F6D1127D85FE7B03A5E4481E535B20DEF1744DEC8B4B2AD7A869,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:45.815{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7B31C167FE0549182737B4BED2725FF,SHA256=D5121BB9034224A467CA89ABE2115A6051BC50A0A7D9FA8BEC4562DC3888B19E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213346Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:45.828{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213345Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:45.313{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=255031BE8BD40E785FF994E735A098E9,SHA256=AA27DBBFA1BDCF65B01CB41FFA7D4C09EA4C97C29CB0A2B1E755C14F796D2DA9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:44.006{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64814-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:46.816{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0287D657CB88B9F9EA117A05440C0C8E,SHA256=968C4F4A36CE249421AA5F134C4CC7192CB578EA23AF3EA5DA40E198123EE8CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213347Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:46.313{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D382634E1539FBD7AE620BB2ECBB82CC,SHA256=E89E1E5E1D206B5F86F93E732921F4101EFA6ACA21FD42345C8B7B4CE77E9896,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:47.819{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1AA19687A8B353CC5ADC814C4554FF1,SHA256=45A549D5399B54BDC1BDA39EA62624D770CA1CE88227FE5E0CF88A09977229D9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213362Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:44.402{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49991-false10.0.1.12-8089- 23542300x8000000000000000213361Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=724317496C48DA999E15C9C211C1B8F7,SHA256=A0820C42B651A4BC65885B92CC5FABBE6D285F12C46C8B5FEB54C1D67983CFDB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213360Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74B-615E-3A01-00000000FE01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213359Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213358Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E74B-615E-3A01-00000000FE01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.328{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74B-615E-3A01-00000000FE01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:47.329{49C67628-E74B-615E-3A01-00000000FE01}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:48.835{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B3FA6B756AC1F535656398256DC74F8,SHA256=A6A2939D9FCD158FA5B17B888085CB5FF05E864A2FAEBB0E9939D1C128FB944D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.626{49C67628-E74C-615E-3B01-00000000FE01}2440528C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D135C2D0B3F8FDA27157F43680D4CF7E,SHA256=C8C5D6019832E47274D1ECBC74558E802A4E602DDEC4B6584142F4B1D1CAADCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F2362A96CB67F14CBCDCF80E2CB242A,SHA256=FD7FA5F8B6CA42DF7CBAD659679CE543F446F46090902A7D72956B8604F9B03D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CD0A7978901BD5C4D18BD6EB3A6C8125,SHA256=4CC88C017BD66CBCB9752D26F1C28675F7056E135D7740812B297E5701C4A109,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74C-615E-3B01-00000000FE01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213369Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213368Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213367Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213366Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213365Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E74C-615E-3B01-00000000FE01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213364Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.438{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74C-615E-3B01-00000000FE01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213363Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:48.439{49C67628-E74C-615E-3B01-00000000FE01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:49.837{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F09D72EED416E84043ADBE2218000A62,SHA256=3856BB24D4EB00AAC3DB3738D50002198D185BE392D31880A69C171DCDFC1577,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.876{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ABE3C87E5542D48B29C836F6E79E5BD,SHA256=2805956F7FCBF2CE11598AB7F9FF0FBD11CF3480F9F76C18EC51DDE5375422E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.454{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F2362A96CB67F14CBCDCF80E2CB242A,SHA256=FD7FA5F8B6CA42DF7CBAD659679CE543F446F46090902A7D72956B8604F9B03D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74D-615E-3C01-00000000FE01}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E74D-615E-3C01-00000000FE01}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.110{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74D-615E-3C01-00000000FE01}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:49.111{49C67628-E74D-615E-3C01-00000000FE01}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:50.868{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C256BAA377C4F5073B9D0283FDA64E47,SHA256=1B7CAC67CB45B933ABED400E0AC19DA15862E02350C83CAD55462395ED7D7BF7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:46.762{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49992-false10.0.1.12-8000- 23542300x8000000000000000213395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:50.470{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61BBC80E360AB54B9422013B0DB493C7,SHA256=0637A9BE0CA68AD7EC3E3E01D907BAFA7C13BA36E62F824AF20F27C83BF20D8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:51.919{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=641DF474358ABE3226807036EC8CD794,SHA256=B5F5A5505F77D68DB4AF4F14E940A03D87AC467A94EB73A6A7C3C2F377A60C2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213424Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74F-615E-3E01-00000000FE01}1296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E74F-615E-3E01-00000000FE01}1296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.954{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74F-615E-3E01-00000000FE01}1296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.955{49C67628-E74F-615E-3E01-00000000FE01}1296C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.501{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEB14D9E69A658395791979739C42B16,SHA256=90FFC6108DF98B018B1CCF792BB0D39C650C75259E41EEF15DBDC204C0C35A7D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:49.961{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64815-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000213410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.345{49C67628-E74F-615E-3D01-00000000FE01}27362264C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E74F-615E-3D01-00000000FE01}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213402Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213401Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213400Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E74F-615E-3D01-00000000FE01}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.157{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E74F-615E-3D01-00000000FE01}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:51.158{49C67628-E74F-615E-3D01-00000000FE01}2736C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:52.941{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA2F0B51934F572E48F48480D174B07E,SHA256=DBC653E3925563917F726864515B49D0763D336F12ED18D3D67C1F10E98F177E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.767{49C67628-E750-615E-3F01-00000000FE01}36884024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E750-615E-3F01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213431Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213430Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E750-615E-3F01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213429Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.626{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E750-615E-3F01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213428Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.627{49C67628-E750-615E-3F01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213427Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.548{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4DF118D05F950522F6E8EC1A995441F,SHA256=D66BE542531C69BDDB919A4F2353F015952B088D3A59FB4C14F0343D503150BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213426Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.189{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05546354BD401587912C544BAFE40A89,SHA256=83E874B56D8ACCF52B9F2F86CAE97CD0E18F6075CAF8B0C3C848457F7EF0F021,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213425Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.126{49C67628-E74F-615E-3E01-00000000FE01}1296664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:53.942{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0EA35739D5BC214FB53BFF38EED7346,SHA256=EBEAA03AD8FCD6A85B0C87A4C07B40693559CEF05EB8ECC0439AD1FE45F16984,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.845{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BBFB28D21C554E203E100E92F19210BC,SHA256=3B57026287C3761B3CAB3C6465C3A331F3B8AFD61425B67575FFDEF66AABD8DE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E751-615E-4001-00000000FE01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E751-615E-4001-00000000FE01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E751-615E-4001-00000000FE01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.611{49C67628-E751-615E-4001-00000000FE01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:53.579{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B21732F26995CB1B7D34919126BD9EC,SHA256=EE2FF1544A71590E0681B62FA0140BC90BA0F2872A4780E9305C7C1C4F9C4EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:54.814{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5D44992124D4F8290A957F1182A2620,SHA256=A4190134BFD58F99C7B052B7BEE28123B94C6D47AE7CC76B52AA75B94197BC6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:54.942{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5644FC10A1AA5C87D1BB0461FB22E9E1,SHA256=A6FBCC2FC00B7954833545CE7C25CB4C1EA0211A5282856145F735C4D8985DDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:55.845{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=512F5B3F9C629FA31DF81DB819C65957,SHA256=4FE6A55965D1AAC427EDDBED6D06CE6A8BDD22C80F65BA8E0C9CD523F11F2228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:55.957{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=066909A9C7F350F14A1BD85F30E1FF74,SHA256=4165AA26E29FE35B7A587B5C01ECCEB1D5C8E9850DEA09EAE742F9FE2E1A3449,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:56.958{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CF3E89FF55641C5876665FC9C07743B,SHA256=7010BC389262896D08E3270E2D0822F56AD7323D4D2011C322B1886A13A58804,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:52.699{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49993-false10.0.1.12-8000- 354300x8000000000000000238219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:55.032{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64816-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:57.973{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EF29AD3E8D3387B8248C764F0B44C12,SHA256=51E3587B926EBBC21C02CA66AE1B8A12419DA5692EE66AF7F5FC24F4D6AD593C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:57.018{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0560B976F78811AD286A70EEA4FA317,SHA256=EFF90D62F0D1EA812F913BB1BD15EE6797B36881DFC312566601619229A16C84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:58.973{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6DCC81919779C3BBEBDED9798C2B76E,SHA256=005B06EFABDC6EFC22D264A94F68B2652AB9B6E8ADDBBEB9C6D2FA7754DAB903,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:58.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2398BEB60A34E51230937187B54B800C,SHA256=AD5EAE2733EC0C92FA4D9ADFC3D49959222F1B70DFD3FDF4E7AC815A1FC3BD84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:25:59.988{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E5CC9C33EE0D4F6C7C316F44D289E1C,SHA256=B5D613A2B83AF533770678902D6ECFB359231D34CA7069222D428320DF88763E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:59.252{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4A89B7C3B39252B84854AEDDD7760CA,SHA256=69528174D89448FBED19C70084FFFE10645E1C2606FF697FA0CDF067B34AC133,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:00.252{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E735FFF37FBDD50EF6C479D58FD76649,SHA256=667177DDE67DBF56ECD7FA973F6D1CEB9C81129EE5380787A0CB292795869EC2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:25:57.746{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49994-false10.0.1.12-8000- 23542300x8000000000000000213464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:01.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7C16E77BDF529EF505F3E463E49F189,SHA256=875ECDA4A9BD1C9B4A84EF6E2FC5965462539AFFF4E25257BF5724AC8BB5A1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:01.025{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DF59541EB9DE2AEE2DE0DDBADAF6E11,SHA256=9F4CCA72B53F8532AD32E36C6B52F2ABB41A43DB2C3CFADAB8010B8E38996B82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:02.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABB8F41E7773DD83E582B251BA346153,SHA256=FEB253D7CA3DAC4F4759554432E5526433B9EC321985E963545B38E0FDCAD588,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:02.043{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=519FFEDB196CB940A8BF9E5944D767A2,SHA256=367DCD345AE85AE38EAE9AF7085A2661878391DB5B7664BFD3189B767583F3C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:03.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C15B889356263B1108B8042D87275152,SHA256=638A83D0C6FA7BA9E774B5D15E337BD13C83E16FB6720BE957D1E7EA04E40DF8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:01.012{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64817-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:03.044{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94EFA36C03ED7518EC0AC6304EEE8782,SHA256=A710F40FBE336D5F991A4337B60053325A5161CFB687A452A1CAF1D6B7E5BD38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:04.079{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F7CD0A884992F799AD684AFEE43EBC4,SHA256=0CD0F474F876926878A64CAD72946F45B87A75547EA6B53A8EAD623A53821694,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:04.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=622DA0AB5BC53FC2C8C654C30C784D7C,SHA256=AEEF2039AE68CC28654419DF8FDA043E6789E8A7F957CB98DE095A6560DC0D11,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:02.762{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49995-false10.0.1.12-8000- 23542300x8000000000000000213469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:05.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B06123AC3B4FE08423F9FD45CBFD2150,SHA256=B04D9970DBA02489A3D6527E9085ACF22F9FA35A2E98C0A5FDA72834296DB6FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:05.079{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9855267DA7B9790381C5D9F3E5CBF341,SHA256=9DEDC1BD73B1B463773BE8B203C2717440A8858B2571DEA894DA28759BB02E73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:06.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=298D608F5613DFA14052C4A9D396D586,SHA256=A0848B6645F3DC8942AEFFA1CF6AFAC50521AD126B3B0120B6D9A450108B4C5D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E75E-615E-8301-00000000FD01}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E75E-615E-8301-00000000FD01}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E75E-615E-8301-00000000FD01}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.473{6EDEAD03-E75E-615E-8301-00000000FD01}2748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.094{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AA2DA6FB91722D0023C29258F83D294,SHA256=75A9B7791DAA37631BAF6F473C6741937C4EF91878780E467842E604E470160A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E75F-615E-8501-00000000FD01}2880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E75F-615E-8501-00000000FD01}2880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000213472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:07.253{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49F59E58CD616E868E61A8CF88E021F1,SHA256=4F81F9944574B60173DE923552DE92453DA031669337C1C255DDDD7F435C29C3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.809{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E75F-615E-8501-00000000FD01}2880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.810{6EDEAD03-E75F-615E-8501-00000000FD01}2880C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.508{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75119B871042C223EAB13C2A0EAA6E9C,SHA256=BD3D28484A3A6001092282DBA71B0DED9C5D7C362C177C4FEAED8995E90ED20F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.492{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A27EF0DDA121C46C845E846114B60034,SHA256=FC7492F38200279223FC06961223B488DF6443B3B92902E6FA9891F116A8CA70,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.404{6EDEAD03-E75F-615E-8401-00000000FD01}34686076C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E75F-615E-8401-00000000FD01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E75F-615E-8401-00000000FD01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.142{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E75F-615E-8401-00000000FD01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.141{6EDEAD03-E75F-615E-8401-00000000FD01}3468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:07.120{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D74338566D5F15089C9B08E6E46A9637,SHA256=74E33077FA92DD6E5FE48ED1B93970D9E81F795DFE803DF3464F49CD0B3EE537,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:08.254{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=932D315E9006CD7CC33590FBA5322A8F,SHA256=7FF550765BF9328E422FDEBDAFB6548E32FF6E47BCD061A6A59EE8B2E3DB34D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:08.834{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75119B871042C223EAB13C2A0EAA6E9C,SHA256=BD3D28484A3A6001092282DBA71B0DED9C5D7C362C177C4FEAED8995E90ED20F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.598{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64818-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000238260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.598{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64818-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000238259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:08.128{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A31E2F145330015FF2628396E0A44E8,SHA256=7A1CE51D2EAE361839E7BE0F5A88040CA4FB435505FF347DC41D3B5061741E40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:09.254{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71BB1178776D57B4BA729D47643AF819,SHA256=00846EC4F9EA0C33BE0DB6B8B9DE843B32DF1BEF2FCC280C72E4A8EED9AA9D5D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E761-615E-8601-00000000FD01}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E761-615E-8601-00000000FD01}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.933{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E761-615E-8601-00000000FD01}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.934{6EDEAD03-E761-615E-8601-00000000FD01}1488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:06.945{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64819-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:09.153{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F40F284BCE41154D5AD1C3DDD03E1E0,SHA256=B2ABEA3F85A0F1E7247A30F11DDC863806DC9BB814475CCD758ADE14D2BA6C52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:10.254{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=881E05CEA435229C5709603C06061815,SHA256=E2B4BEE2785DAD630C5936270C98FC275F1441D579D576D1A0A7A12E16C2D801,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:10.952{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0EA582A9A71854FE8B944694BE0C7AD4,SHA256=FBBD666DDB76DD127A04748D9F9A9C091A74BE26175B43664345E741E717BE99,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:10.233{6EDEAD03-E761-615E-8601-00000000FD01}14886988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:10.186{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AD7B9529014ABA9F78F4077F4F91E80,SHA256=C7101C9BDE098EC310390859573C8625BD18CA513C59B783088CE97DA74CC851,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.987{6EDEAD03-E763-615E-8801-00000000FD01}61605136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E763-615E-8801-00000000FD01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E763-615E-8801-00000000FD01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E763-615E-8801-00000000FD01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:11.270{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16F0F3C7AD236BEE5CEBF2DD5EB4526F,SHA256=F62C469A1CDA60A0C45B6D2272D23A397B66D92F36A286D6699169ECF08F18E3,IMPHASH=00000000000000000000000000000000falsetrue 154100x8000000000000000238286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.750{6EDEAD03-E763-615E-8801-00000000FD01}6160C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000238285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.301{6EDEAD03-E763-615E-8701-00000000FD01}19724216C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.201{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C82B551884E0BEC8C1053A445687155E,SHA256=4E2EAE936953D90F006D081175E84FE02591D0506E54625617740A469F9B6F2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E763-615E-8701-00000000FD01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E763-615E-8701-00000000FD01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E763-615E-8701-00000000FD01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.070{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:11.071{6EDEAD03-E763-615E-8701-00000000FD01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:12.633{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-023MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:08.793{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49996-false10.0.1.12-8000- 23542300x8000000000000000213477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:12.271{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD2CA49914343A7D5CB9176F9C3A1C4D,SHA256=AAEFCF958799327684A2C204733730A051FFBB651A0531961A54382258D77D6F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E764-615E-8901-00000000FD01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E764-615E-8901-00000000FD01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1A0-615E-0C00-00000000FD01}836308C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.539{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E764-615E-8901-00000000FD01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.540{6EDEAD03-E764-615E-8901-00000000FD01}6232C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.209{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C6E2ABC96D58CE50EE786FFB109AF54,SHA256=64F79C8BA4A91DF4B54A0588C51E8E1439AFBDA4BE72465A1AF07552D2ACD6E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.093{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=24D6C8415EA319297A248D5F1BFFAB14,SHA256=7AC088C037EA3AC8723DCBDE9F0CDB1BC3EE1136682FDCFE23DA27DA4D430751,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:12.164{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64820-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:13.539{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AAACF05473ED7F06AB4A3534583F86C6,SHA256=63FACFDAE61F3B43FE861F48893D79D6092C0118AF675E159A4EF5D33B38DC8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:13.224{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D8D0E402B1ECECA5AE9E01AF0BACAB4,SHA256=F0B4C667E0B337E0D8766DB4F0B93389901008128ADF2D51E878D9E810AD702B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:13.635{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-024MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:13.275{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9FC6C1B5903F2FFE05A32D0C2A8F6AA,SHA256=A79BF2212D8D028E7F0C61ADEB065C6BB45C66F0493A69512AC84677F1E9DAB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:14.280{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87CA81E419EC0E9DD54D882D127EBC3C,SHA256=AD367BFA7207900C2236DEA7DBB2AC4867FA8D346D85C3048E56890F26D5A78E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:14.239{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85FBA838CF0658465CD65C067F649C8B,SHA256=D873A282FC46E809435681AAC5D81B1230147F590EC701FA83991E4F14FED511,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:15.254{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A889321BB76E2A3A2E36527087EF18AF,SHA256=2A67FE1CD2138F05068BA83FE340B90AA13E9DA21C1DF102E3BCDBD62BB45346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:15.280{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50EA6E14874EE33EB2B3277AAAC8C0B6,SHA256=4601A7355A6A296BF0CD0BE3CEE4821263E28CD0766F55BE2C636237E2CB06BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:16.254{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F98F04581B811145DFD012D4175611C,SHA256=30C6B6B49E8386435AD08C355A687B24CBC21E2C3FEC3E6A47E8942C8FBB6C7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:16.280{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10BD4E622D28CE14360F8B90CAAD9F87,SHA256=B0A59A485A4B932E7B095C4D4CB883FD1DB1C5D74725205B3A6DB192B2F5B1A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:17.274{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6CA2273A04E499C63D01E6921F06ECC,SHA256=6D20E7DC09321F8F64562B5979A5843543577E1E95C3C7ED367F9E8A256A7875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:17.280{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=239F6282A497BA92984150661FDBE4E0,SHA256=E382BDA35767F2D9C7C33A6CE00CD5810D87BA3D75B63A3399A87F39EFEBA129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:18.293{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A5CC6CDB198429A39082B1945A20390,SHA256=EC187EF0AF9106890455888F2224F426CD60DADAF5C00125CE2355F7CE94D14A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:18.281{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D41BA10D4A4B87D4391E22F9926DD43E,SHA256=C29346C87596B5CD4BD85DE9D325017BBD2D991C8EEA4BCBBE7AF55D5B6D3C1F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:14.678{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49997-false10.0.1.12-8000- 354300x8000000000000000238314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:18.001{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64821-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:19.312{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=750720B169EAE2C4B51BAC31268B3019,SHA256=1FD45F19F532377F858528F00BA8BD555D74568800BDD0CE71EAD9D1393621BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:19.281{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DD6F106992B3293BBAAF76EC8F2B624,SHA256=FCA65326A3FA42679F19E9E6355035A5C17E4BF8319470F2829617249EFC28F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:20.281{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DE6578A75C0BE0DE40469DDAD99BEC3,SHA256=A3A2FCC3377B1B7A6D8774C248B432636762849F2E079EE5E697768C96BC2D00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:20.315{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C76150DD315A6F7A9622FC84458B8B8,SHA256=18667B5CC712113A83A28709DC33DEA963926F5081EEE9D932697507D2F3E64D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:21.281{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADAAFBAF5275FCAC88A8DCEABADB6E32,SHA256=00B01AD60C28122CDD06362F96740E20B4DF0AB98715E0FBAEBE0410784ACF26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:21.331{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE7A914B8F2FFC0EB87F2AC1DD58B70F,SHA256=4FAD607227EF252623640A99CB6E962612C101EF14771C418AE2CDAEED2BCF77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:22.375{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EC246EC73FA01454F3F48B7466BB7D9,SHA256=596A9053878DD63956E52A74F4F05C022D8A9031A6EFC1AAE52A7D2496DA9BB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:22.346{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2BF2EA0DC975C99E4D0ED6FAF26805C,SHA256=65BF59F4AECC2E83DC07EB2682AA49DE0299B6D765164CB0A397BE65C9F5DA09,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:19.694{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49998-false10.0.1.12-8000- 23542300x8000000000000000213492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:23.406{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5576837FD005EF7B57ACB8A548AD6808,SHA256=559C655BA4769B222241B8BECEC5F6810ADD89B016FEF73AC381045D00D482A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:23.348{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1FACD7F4371E76FA20355EF9BFF0B70,SHA256=42D5CB1E352AE2CB7F7268F64261F3B2F9C828CE50E660CC7F3CECE46AD3515B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:24.438{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27BDF55213992E108D661B2E280E05DC,SHA256=8301F27849B0BC662D2AB7B38D9CB82E0304DF70211EDDA15087D3FCBEF4DC48,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:23.070{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64822-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:24.365{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D74172B882CD67D02D60F1B96039DE06,SHA256=273163B821BF612509B22EBEB862AE08E87C223A579438ACFC94336A1AE2A5AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:25.453{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D14F9094DAB613625277F7A30A7E80AF,SHA256=F0424FE8B1AF2D80D50D4277200C906FCB4630E498C54761F6282A93229A7539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:25.372{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB57BD06DEBAD4C4F6FB7AB9A1B8B6DD,SHA256=DA6FFEE158A87EE87DFCED7A60DE7DA7F307363C99C3192E050F4408886482E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:26.469{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C0EA97CD13346E30587A44C40CBB9F8,SHA256=BECCD129125ACFB568DA4EBB7E4EB8ADDB8C40AA887A9552D062882A4C98F92D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:26.374{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1A4DB5D8FA64E4676184297CD8BBB92,SHA256=B471CC8C402EC9EBF51A47308C2DE11BE18CF7A1FB88AE9FA9DC660F69A9CFA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:27.375{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34AE78A3FA290A62664567003652A5DC,SHA256=47AB867BB7F6B81E397CDAE9A8B45FABE36A04EFE5B499971337C19D1B3E8D30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:27.469{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BEBAD10A2D930571F69A06D033A21A4,SHA256=0D8BBD2994F61D713B23A2175097733D06BEAF03F2D5805E2B856D9408A97916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:28.415{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F1E6EB373E6FC769576E238ED25287E,SHA256=A5E27F0CD0A229DE0FA2CA4CCB94D7F442236D492DCF37E161BBEB647E14A202,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:28.469{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCDF58FE73F9CC471603010586AA1B37,SHA256=4553D3481E873A89F36E1B9F18233E60F85C404C2843C8BC245193E060A2A944,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:25.679{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal49999-false10.0.1.12-8000- 23542300x8000000000000000213499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:29.470{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1C08B4EB3F8549C3D677C011F1084DF,SHA256=B75AB48D654465020427054CF82261581ABCF3FC794954AD4A37F4ACEB2B7BEA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:28.155{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64823-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:29.417{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39A6254597D37D11059DB543EAEBACB0,SHA256=312A1166FC5D02BB8334387F98430C27898B214568338C4CEE4F8F87D3A0AC0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:30.470{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CB72091923457E8166DD3E8C7649F7A,SHA256=F67D273FE723EC97A91CB16460DDEAE32243E4079F8A10B65BC9C9FECC5622BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:30.919{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-023MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:30.417{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=451B2EAC696E90182E26ADB766546EBA,SHA256=D30C8B0E59DD0E861C655E7DCC03908C2679373C209D63FCB1C2DC587C8009F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:31.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F15582FF00DD5CB566FD2CBEAD8D0AF,SHA256=EB21D028BC8B89755F47F012C10341A13241A5FC2190DF4A6340EC65760C2980,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:31.921{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-024MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:31.419{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69A91EF6286B566381259D9F5C461A18,SHA256=1E1C6D938F5D5862691072487E02C013838F8696029401EAD0A87EB0D042AE6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:32.595{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2280963E68B46FE538E1047B3DC7475,SHA256=9B5BFFB22ADA9D43E120464515CBE6ACC90BC7E86DAC2FA4E1C1A8CA14E0C92D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:32.430{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=988AD135BF9B00A640B1BED8899FECFA,SHA256=EED8EAA8C983117CD2855D6076A7C96EB2042EC172BCF7B764696E7F52AAC006,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:33.689{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17565C6F00F867AC6EFD961C89C326BA,SHA256=B9CA3E546365B1822603DB4B3245D0D5E1609006261585FDF64DB94F011F0CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:33.439{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07A4B6C1738B450DBA52ED1FF8B4D0A0,SHA256=463FED8E2BE423A30CA138160EF4C6365E8D1032076A3FFC5FF36133A8575C36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:34.705{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13EF9219F75EA5DFD8CFCAABAEC9A233,SHA256=BC4983D46B24856124D22ACF88D94417615998BD75595BEA15185B9525E67576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:34.455{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DC44DC9BAA7AD9894BF32E2D64BEE91,SHA256=C1680FDC8E4219DD69AF9EAB53B5C832F1964B265006FFED7104DF82D2A2223C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:35.783{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06B0C8FA203E3FE446B6877C216239B2,SHA256=0C89CDF0AB8B04360140F2E2C12AFE18751F42623BE8796AB37A0B3178414914,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:35.456{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C2C5BD43A34198D9327EC94F1A72601,SHA256=AFD18079D991EEF576F7A1B4572D46BBBABA22D1698B62F98AE3A6AAC15E9422,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:31.663{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50000-false10.0.1.12-8000- 23542300x8000000000000000213506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:35.017{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=36FB338EABC33FEA43192B32D395D089,SHA256=A8F42CD665ABAA873F515A6B3E35C03F3774818E786A5FAEC9DE04419DEF1907,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.955{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4AEB21885D4ABB8FE8CF34D44B44BD0,SHA256=2DA72F496C805E9CB17B1315575A44FC5199098506C5187F6DD572BD33853780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:36.457{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCA1B2CFED20D29E24D7E7C4A93F5E42,SHA256=0C5494A3AECF837988DE78F75C12BFD09B6911B957D75F59A30C22C72DF8B640,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:33.995{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64824-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000213520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:37.979{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BFED45BD3E1B5DCFF0BB2CFEF3F6E28,SHA256=5298402E2CC7D0D5760D0739722038957C46D1FAA4EBBDD8BDB3E3E04D4283B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:37.473{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C294C2596644E32764B56E8F33283AF7,SHA256=119C16898E3AD97FF5D32758689E0F133506238E290918808D8CFFE9AF0E68F6,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000213519Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000213518Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00170177) 13241300x8000000000000000213517Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0x30e10b3c) 13241300x8000000000000000213516Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb76-0x92a5733c) 13241300x8000000000000000213515Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7e-0xf469db3c) 13241300x8000000000000000213514Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000213513Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00170177) 13241300x8000000000000000213512Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0x30e10b3c) 13241300x8000000000000000213511Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb76-0x92a5733c) 13241300x8000000000000000213510Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-07 12:26:37.408{49C67628-E19C-615E-0B00-00000000FE01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7e-0xf469db3c) 23542300x8000000000000000238337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:37.111{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=D4DD775D01783C537F4B6617E20264B6,SHA256=DE1E6103D9FE9D42F5709B3E6E00BB74671B730976A114057180313B06F778C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:38.510{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64EF2A63333AEBC81F9220881516F44A,SHA256=3FDAD9C86CE5752CE7B8D4639CBAFCF35D0DC2AD417A6D120106495D7C4386E6,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000238348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000238347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001705cc) 13241300x8000000000000000238346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0x315489af) 13241300x8000000000000000238345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb76-0x9318f1af) 13241300x8000000000000000238344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7e-0xf4dd59af) 13241300x8000000000000000238343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000238342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x001705cc) 13241300x8000000000000000238341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7bb6e-0x315489af) 13241300x8000000000000000238340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7bb76-0x9318f1af) 13241300x8000000000000000238339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:38.189{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7bb7e-0xf4dd59af) 23542300x8000000000000000238350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:39.542{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54F018C8962D5F03027B0CE1399B281E,SHA256=38AF436ADD468CD5F0A56D452DA6573B173987964AD277696E5596B648772A65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:39.198{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B4DF44DDE877BA0AA602AB56ECFDD82,SHA256=3737AA4B5C3496F5DBB27335A0A1CB1DD193EACDEDE1B7313C25048E2C0FC5FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:40.590{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:40.557{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18053652D5775A946E111D79BD0BE96E,SHA256=E7344CA3B5B32613CBBFAB798673592576672EA3171CDF8F0F9245B76FE99915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:40.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3916D35184D135B79BD397901D8A8FDF,SHA256=D70C3F2BFF540AC4C61A9973D39F54CAA808CFA0805CE273D78377F35A817F18,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.420{49C67628-E19F-615E-3700-00000000FE01}340C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50004-false169.254.169.254-80http 354300x8000000000000000213524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.293{49C67628-E19F-615E-3700-00000000FE01}340C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50003-false169.254.169.254-80http 354300x8000000000000000213523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.259{49C67628-E19F-615E-3700-00000000FE01}340C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50002-false169.254.169.254-80http 354300x8000000000000000213522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.258{49C67628-E19F-615E-3700-00000000FE01}340C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50001-false169.254.169.254-80http 23542300x8000000000000000238354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:41.572{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D16ADA53A12ED07FEB24850AACD5B55,SHA256=74D4CAE6D5EDA6C5F5EFD31DA0E18843CC07A2422AA5AE9E8DD64697A1B851C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213528Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:41.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B638465CA091D1CF5FD4681A34D8E625,SHA256=91FE8AA9232EF96A176373192CEBA61A91A701BB3F9558F98BF9FB3FC06707A2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:39.050{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64825-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000213527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:36.672{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50005-false10.0.1.12-8000- 23542300x8000000000000000238356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:42.574{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=010BC9A9B09C6F2A93EFFFEF973034E8,SHA256=D3A4794FF4BDF165818F8F64787EE049B7FEF00D8C04812CE940C2FF896903B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213529Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:42.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFB5286FF5E1288345334D3879307C55,SHA256=3D0C9A125D14BB6213791FD69F8D9EB0D625691A1EA8D70B4983EF1A49510E1F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:40.481{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64826-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000238357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:43.575{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A4C5D545E26416F175E6453B01ADE15,SHA256=FB12906ED71764BC88CF46A1FFFEF6076F5A259EBBABEA7C9CE8D309AB81654C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:43.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C3C44556DFBEF9EFF3438BF69EF2BEE,SHA256=63316721FDB38B0F01A4CA9AADB09CB62F29D37CDB969341B87A2C8A55244268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:44.576{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE8E65BBBF1BF9F149570205A207FF7,SHA256=460B37F758728B9E62CCC7EC0F3B28F787A400A9CC9910C6111725AEF95F944F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:44.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11B0FE3892CEB1597AA4267611E292F,SHA256=6F90CD177B6C8AAA4C3B81E6CB524AFB4942B2961E9292A4864E42936FE400C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:45.611{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25E7DA0476449CBC36C465C8CD4D7FAA,SHA256=0F981F21C8B86CD10E8C7027CE24C5BF0163836C22DA77CA98B1B282656CE477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:45.855{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:45.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD268BFE1C4C2136730371F5AE41B121,SHA256=B71EA31CDF40FD55FB15864CD591C65B52EB6B52B46F5FC2CF48DCA706C5BE8A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:41.719{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50006-false10.0.1.12-8000- 23542300x8000000000000000238361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:46.660{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E82C584B5D49D55B95EC315CED739530,SHA256=21BDAFD46E3B031FC9826873B8AB449DDBDF4E4224D8A1FF82FAF4BEA45E0563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:46.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=048EEA58251021730F134CDA1CF2C78C,SHA256=4C2F3C0F3770682D942B7C9D3D974E99ED81FC867E2E27B97EF3A91C7C9E0C3B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:44.069{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64827-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000213549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E787-615E-4101-00000000FE01}1220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E787-615E-4101-00000000FE01}1220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E787-615E-4101-00000000FE01}1220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.340{49C67628-E787-615E-4101-00000000FE01}1220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E9921C6E1846C0280197C297695E1D,SHA256=5E769D6C77836653F18F742CE77514247E516D9FE54DA9AC017151EF37067193,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:47.362{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.652{49C67628-E788-615E-4201-00000000FE01}29361312C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E788-615E-4201-00000000FE01}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E788-615E-4201-00000000FE01}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E788-615E-4201-00000000FE01}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.465{49C67628-E788-615E-4201-00000000FE01}2936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.371{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75CDF3E201C8B603C23F7E1E817CC480,SHA256=8767131EF48B93B60BF3C46798597F318B69B1C9EA8B923DBAD7C4C97BF36A22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.371{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3346BDC49542EB102F0E1800109CAA56,SHA256=130F231D11FB18D97C0033E96672B1224C4CD8D605EBFF829B8308333A23DDEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:48.293{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8AFD7007AD4C687E50108B56480F8E3,SHA256=125057334B4B844E7F0619362D997B5DB2C21D278218BA91F248DED6EA8C9B0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:48.012{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDA8301BE230F3D067B6DEB70BB74C43,SHA256=ADB7C43E65029B25B63D8515C0692173E616C6A2169AF4A9F14B559D5CC1D677,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:44.422{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50007-false10.0.1.12-8089- 23542300x8000000000000000213582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.715{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FAE9DABD0AC12F29EDA4EC29E15BD50,SHA256=0CF707E1B35851EE907DC8A6FECB6636303CBF506476191DEAC667F00325B987,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.715{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75CDF3E201C8B603C23F7E1E817CC480,SHA256=8767131EF48B93B60BF3C46798597F318B69B1C9EA8B923DBAD7C4C97BF36A22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:49.032{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FCFBA8988E50753FCC593C23F0CC45B,SHA256=6DB6E558A1F2A02C992E81C0ED399FEF67A1B91304350088012CAA370AD59A90,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E789-615E-4301-00000000FE01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E789-615E-4301-00000000FE01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E789-615E-4301-00000000FE01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:49.137{49C67628-E789-615E-4301-00000000FE01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:50.716{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21B6247E11D27445A5F931AE56FD8DAF,SHA256=46B5F93DF2AFC3F045C5E251833FF5D95300E3DB3FB6A97D3C9A4A7561471394,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:50.047{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85FC562DAD44ED53EDAE9DD338BD52F3,SHA256=38CB8A67C05438D86057A5480AEC77A2686B1BFF24F7F71C0A488861C3E246EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:47.594{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50008-false10.0.1.12-8000- 10341000x8000000000000000213612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E78B-615E-4501-00000000FE01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E78B-615E-4501-00000000FE01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.965{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E78B-615E-4501-00000000FE01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.966{49C67628-E78B-615E-4501-00000000FE01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.731{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9DD1BD6F5EC9F49EBADF32D79E76052,SHA256=F50AD1D4475DEE0D74A1A7D43A5CEF3986CBAF7F8A6362849987367F6C7447D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:51.179{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:51.049{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D73A560895B139C36FE273618E445C1B,SHA256=B9B51B30B71A1D353F478B81DC0BAD8DDF52AA7501C1678125B189B60E15BD2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.340{49C67628-E78B-615E-4401-00000000FE01}25003808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E78B-615E-4401-00000000FE01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E78B-615E-4401-00000000FE01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.168{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E78B-615E-4401-00000000FE01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:51.169{49C67628-E78B-615E-4401-00000000FE01}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.840{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E29ACC3E54C20203AFE93AFD2DBA5AB,SHA256=E4B04A4C606FF278062DEAD03DFC846EF5A9EC7E95834AB2DB6EECEF7A7C99A3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:50.073{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64828-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:52.050{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22C6E032D6C0E49CE9233C839F193AD5,SHA256=EC3B708441F983174415CFEA0F31D2336B660A4C830EE4465F72B9D84465B907,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.606{49C67628-E78C-615E-4601-00000000FE01}33842036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E78C-615E-4601-00000000FE01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E78C-615E-4601-00000000FE01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.465{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E78C-615E-4601-00000000FE01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.466{49C67628-E78C-615E-4601-00000000FE01}3384C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000213614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.200{49C67628-E78B-615E-4501-00000000FE01}30763204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.168{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=10966ED3013957729BE4968EACEB46A1,SHA256=6AA212C0C89EADCE275709CE50CB12647BB6B7A3ADDD906EE24086C43B5CEAB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:53.095{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FF2CFDB53D1E2C970522EE0305A6DA9,SHA256=BF97735EC25EFB2F00D8255F96059F0D4BC7A3D4E0C87989C01DDEAC9C76F384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.700{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FECE1035FC3D7EFCD7B6F3886F679F9A,SHA256=F60C8E3C33941913725EB02D68BE92C440A15A22228611E2A6B49E2BE3C8840F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E78D-615E-4701-00000000FE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E78D-615E-4701-00000000FE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E78D-615E-4701-00000000FE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.622{49C67628-E78D-615E-4701-00000000FE01}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:54.098{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FA0F76D05BB1D6D0893654A34D3B7A0,SHA256=ABECA112D821D9FBBD2B39CF163EAFC8001D994BBD64DAB56F0F5F1413C63A2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:53.997{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D105BBDA343D32C81AF35C582B910E0,SHA256=AAF3BBDC32BE41705A351A7C3B66DC2FFB999C37A2095BE4C466884885F6AAE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:55.117{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85E8DCC8577CD1960EEFAFB669029404,SHA256=F912D960C1042A8A87D31A0D93FCA42B50738B6249647C7231573686207FD699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:55.028{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D29477C2400AB6EAF79C4ADC4ECEE2DB,SHA256=0EDA9C877790F8997B630E31BBC8F5069B97E21DB3D6A76782710A18C0B7463F,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000238404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:26:56.835{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7bb76-0x9e602f26) 23542300x8000000000000000238403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:56.137{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13B554A308C1D5CA672B61EB939BF60C,SHA256=BE9B694E84C589AC6AB6AA0C5744D7F90CCF62C9B418BD945B78D74FBDF6FB1B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:52.672{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50009-false10.0.1.12-8000- 23542300x8000000000000000213646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:56.044{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7614CC8901B0213B0664F722427FC3B,SHA256=949C83B667DF2316608704D2D4FBA426D325FF1C2EDE684F56104BCA370F6166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:57.263{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60E73453DE43C48C058B9F0A04B98B1,SHA256=9E73B5993D02FAE54A1CF977F7F2C3EE15C6B8D6B81C9FE40B4CA97E057190BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:56.043{6EDEAD03-E1B3-615E-3F00-00000000FD01}3412C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64832-false169.254.169.254-80http 354300x8000000000000000238408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:55.961{6EDEAD03-E1B3-615E-3F00-00000000FD01}3412C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64831-false169.254.169.254-80http 354300x8000000000000000238407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:55.906{6EDEAD03-E1B3-615E-3F00-00000000FD01}3412C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64830-false169.254.169.254-80http 354300x8000000000000000238406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:55.904{6EDEAD03-E1B3-615E-3F00-00000000FD01}3412C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64829-false169.254.169.254-80http 23542300x8000000000000000238405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:57.151{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F850A7C7B61FBA7672B699B69955ABF8,SHA256=9F6C6096D9B612AB0D16E855FBC52A2F2B8A7EE508309A152F921AF3A3B29878,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:58.310{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54A9F53350DDB9BB3C63FAC90D51FAF2,SHA256=51DCB93BB137BAB284470267C72407868AF6FEB7FF9BF7A99C774D214574F510,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:56.076{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64833-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:58.153{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=501C70AF8D21B1DFFE2ECDEB06F3067A,SHA256=3AAB6D91470C48A36F44CE0A9B4FC818A4240F8340AC7A084894CC7A09BAF201,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:59.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52455F13EBA2F288A4943C546CFFF0F8,SHA256=1CEE98BE135F24243C73F48686485578DE4E76FF086765D5218E85C3C68D47AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:26:59.184{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEEAA7E4BAB8A15B377D94995E672739,SHA256=5B2810A35BCE2528BA79F1541529E1B146007116A7082F4ABDB36360496AE925,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:00.193{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D280410F3DA3977E2452ADBA98650CF,SHA256=CB41AA1AEBAABDD78EBFE8E0876C5D3FB18F0F73D234B1D6DEF7F2272A3E4D97,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:26:57.782{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50010-false10.0.1.12-8000- 23542300x8000000000000000213651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:00.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25C0271E3CB70156DE1DC71B69A9CC6B,SHA256=55E41E914252E9BEAD80DD183D2736D3AE7EB673B374421B5B8950DE34AD46D3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:01.792{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:01.208{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D1587970D43399D42AFED97E44B97F9,SHA256=4CCC24119ED6653CAAA56A408BF7142460B6FC2FFD8160CADF512C8B888C784E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:01.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0116971D4FC98AB2993A94AB0996A64,SHA256=004F3C900C1A0DE5F4B6D17EEC8297E3EB15ED242B699E8E4667807E1245C292,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:02.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A6BF4E290DB99907CC371902BBFBC61,SHA256=E92515BF6CA0BEE70A9D9DC455BC5955EF397A4011B42DDD79690B274A5E8BE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:02.226{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15432CD95083740B016BE92146042FA2,SHA256=626868C8961D8905667C26F33ADB22EB9E3427E4105D4E79FB8EC1026C57602E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:03.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=832711055AEF3A367EFAB7EF121D1CC0,SHA256=7E9637818ED351F30223D7AD911291AB19AA79061EE72C7C592ED39C84796FE3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:02.068{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64834-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:03.244{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2E6A5F58D64F30E336A45CBA50A946C,SHA256=264B0619CBDE28B8BC4547339AFC492F97A28B2B1B84554F8214BD570DD0E6A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:04.341{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC33A05F9C3758A0A4934673150B4B1A,SHA256=C154A4CA32327A32950EAB005D744C9104EA6C12013A6653FE436D5A9E40D7D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:04.676{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=9DF33AADB22E7175BCB3C9CB634CCBFB,SHA256=1D95CEAACA5BF4853B26455D2EA62744D5DDD3F6A716D49F9A8ADEE08E47DFCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:04.676{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=A17C7F17C3CB3B56553E72BFEE575574,SHA256=19C40CAA4E5B4E4F0F36D87C7F1C705B96BC554C2707721752C97E42EF3D9F2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:04.244{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0A38C16360F6FB68CABAB1FBA3B65F3,SHA256=62B0CA6BE1F2A3335E7F394459FE33D1FE0B9DF0AB7D1DF60FB618F0F2162280,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:02.813{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50011-false10.0.1.12-8000- 23542300x8000000000000000213657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:05.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0A444CEFCB76E500EBE5751908A15A1,SHA256=E9779C19C54C2E1F18AD357846272265BD190671394C1B563019CEC7426F3135,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:05.276{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=738698E528CFD23C4973468E911E9C11,SHA256=4227D2C89D5977ECDD034AC755C2792E536E4271B68B6C5195B53CB1E084A67A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:06.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE86524E7151470B0FAD09AEE509B3CD,SHA256=761C0FE3077468B843CE978734FA15A4C9FD32B86F8CA4338D4B1946C8E0F6EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79A-615E-8A01-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E79A-615E-8A01-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.407{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79A-615E-8A01-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.408{6EDEAD03-E79A-615E-8A01-00000000FD01}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.276{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FCD843C02FE7B6B836A22856237889B,SHA256=1AD750AC264484B92B8B9B4D60D4172B40BC16818685DE9B6F6EDA3C478C328A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79B-615E-8C01-00000000FD01}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E79B-615E-8C01-00000000FD01}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79B-615E-8C01-00000000FD01}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.747{6EDEAD03-E79B-615E-8C01-00000000FD01}5092C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.409{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B34D8A6375DD2DED5E730DDE2744B0A9,SHA256=AD1094DCE972E32A6E4F882630E21CA852F4C5EF5AF594C36685812E69543DAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.409{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=74DBF34A94BE69AA6E6DB0B7B025B241,SHA256=F40C7B1B7D7775C09D9934073F777F126388178B482640E2A59B7AA6434DCB0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.277{6EDEAD03-E79B-615E-8B01-00000000FD01}69525752C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.277{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4F88625C4EB3BEBFEA4616A1C645307,SHA256=82DFDA58B99D694DEEC05FFA0146F4B39247DBE7253187181BEE7D5D6C969D67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:07.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=561A6E5A131D943494BF4D57758D31F5,SHA256=92CB480F637ABA65EDDF3D300234ADDB156CF55760FCE03496F484BAC060D6C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79B-615E-8B01-00000000FD01}6952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E79B-615E-8B01-00000000FD01}6952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79B-615E-8B01-00000000FD01}6952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.078{6EDEAD03-E79B-615E-8B01-00000000FD01}6952C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:08.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=242CBDAB6DBC786368E8F2473E625BAB,SHA256=AE842CBC9BBF3FCF7F7601F39BFEDDF5FC89075BCE7755DDF0DE81683C9AB12C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:08.777{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B34D8A6375DD2DED5E730DDE2744B0A9,SHA256=AD1094DCE972E32A6E4F882630E21CA852F4C5EF5AF594C36685812E69543DAA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.617{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64835-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000238453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:06.617{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64835-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000238452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:08.293{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E666BB693E94DCA596B5DDBF040AAECF,SHA256=94FEA73537890DDE81411725E91561B6F85550F39843B56F019067712F71B625,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:09.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D2EF5F0083FC299E0B53A7EB93DD66E,SHA256=FBD44292E9056F9D5FC4BAF129DD5E08BC7F286E709AE9D4083FD3E00E6E0401,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79D-615E-8D01-00000000FD01}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E79D-615E-8D01-00000000FD01}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.956{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79D-615E-8D01-00000000FD01}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.957{6EDEAD03-E79D-615E-8D01-00000000FD01}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x8000000000000000238460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:27:09.876{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML 13241300x8000000000000000238459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:27:09.856{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001) 13241300x8000000000000000238458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:27:09.856{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML 354300x8000000000000000238457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:07.167{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64836-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.319{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA219757324D130FA549AA0763F89C2F,SHA256=08D83C76DA24ACFAE26E7F819ABA2D7739166EDA4CA87E80D71E64B5ECB08F56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:10.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51C3FDDBD633ABA74A43196CF008DAC1,SHA256=D39045871B26556E0253C0E6C8C7B052D744A777CDF04FA4E9909C24C297EC84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:10.890{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=36891421F8117D88BBDDA94777C1C3BD,SHA256=5E9E78367D0B9F1555717C02A2B31FC605450DAF4D9B474CE0C8CAC548B2E7CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:10.343{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3464F6F0285DFC77CCAE92FFBB47855,SHA256=5D479A2F8C6480A496AE28177D10E7FB121E2BDC4E4646CDCD609D8FBA051C50,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:10.190{6EDEAD03-E79D-615E-8D01-00000000FD01}59806040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.958{6EDEAD03-E79F-615E-8F01-00000000FD01}59446496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79F-615E-8F01-00000000FD01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E79F-615E-8F01-00000000FD01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79F-615E-8F01-00000000FD01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.758{6EDEAD03-E79F-615E-8F01-00000000FD01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.797{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64839-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.797{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64839-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.785{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64838-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.785{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64838-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.766{6EDEAD03-E1A0-615E-0D00-00000000FD01}892C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64837-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x8000000000000000238482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:09.765{6EDEAD03-E1B0-615E-2700-00000000FD01}2896C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64837-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x8000000000000000238481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.358{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=429EE99E92C21144E503C2F6266AA485,SHA256=BCDF0BC7D6882A87B8CDA313E650D7B5BDBF42C4C43BFEC292A03B41BDD6DC7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:11.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6778646EDDE6D40B2004D9B61949681,SHA256=4C7A46D95E403EA17F9119209BF754204BB13FD949E1C2F5B443C06BA53AB141,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.289{6EDEAD03-E79F-615E-8E01-00000000FD01}42045208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E79F-615E-8E01-00000000FD01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E79F-615E-8E01-00000000FD01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.074{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E79F-615E-8E01-00000000FD01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:11.075{6EDEAD03-E79F-615E-8E01-00000000FD01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000238506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7A0-615E-9001-00000000FD01}5476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7A0-615E-9001-00000000FD01}5476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.505{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7A0-615E-9001-00000000FD01}5476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.507{6EDEAD03-E7A0-615E-9001-00000000FD01}5476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.358{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201EBEDE071D17C2191CD8F9C4F6FD18,SHA256=35D457322A02AFC0AFF990002443971633CD058704026E356ED0F3A28D6DFE0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:12.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF1D8525542C3D70C9583ED02E138575,SHA256=373E90525D6CD9CECDD092D92E37DF12A4FBE4851557281800B78B5801A4F3EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:12.089{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=311F8D5D75F55FCEEDCBF5D6ABAB4810,SHA256=4E97DF9BB4269F1BBE583D150E18DD4027C54B3B1AA5DED827CF5235D470AC23,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:08.657{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50012-false10.0.1.12-8000- 23542300x8000000000000000213667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:13.342{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=575FEEF352EDD068837FAC99485C51BE,SHA256=E3302515CC9FC6143A61BEADBAA89F4C8D9C9EA714080984C28BF5472A73B311,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:13.516{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=806F4BF240F2CE975859F7894BD460E0,SHA256=44F6341D8DE2151023626977528E6A4367EE5C95F22124D1628D7C1C6A242B30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:13.369{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08439A31001C4A9940DD9746A066E985,SHA256=8FE3D1C63E6C82673C47D2C240561C1C26AEA42C4294277F66090A9E2487CF05,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:13.092{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64840-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:14.371{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0E0D76DE5BDE8F36036F122F4566148,SHA256=74E0FD5EAC863CA51153ABA580642317DEE852EC69F592FB7366153BD70D792C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:14.358{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85F9EC1E67A89080E081F2548D3B0792,SHA256=5DC7F9AB0195DC02FBBA010BCAD00D8932BAAEB7B76882F73EADD6F69EFF565C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:14.157{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-024MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:15.362{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10625D7181B992438B2E7009F7D110E0,SHA256=46EBD9A0D50125AF8F70227284F88D346DAF4A480A3688B7639D7F3F296EBE83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:15.371{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1EC44A80C3EDFED8D3068B106AC87AC,SHA256=94CFCED753D0D43391C861393E7FA3FB6BE3D510ED535D53037DB7E47EBD36CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:15.172{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-025MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:13.735{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50013-false10.0.1.12-8000- 23542300x8000000000000000213672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:16.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E888848BB31508B8B32C19C398019E70,SHA256=9E18BE101277351F2E412663EA4A1C85FB7B2FF61FFAAB5C30789EA59231B32A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:16.372{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D5C7A592916444F9712FEB88EAD7C14,SHA256=6057228BCBED3FBF01C163282232FE77AEB56AB94CD322B108E12AA3F9E7F463,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:17.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E1578E93FB2BF5ACAEEB95AF747D18E,SHA256=FC96C237A9E82F178DA9807B91B0898DB91EA163AD2C8185A9D2AFCFB8A8CCB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.372{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CEBD4C3ED55A6118A7EB3A7F8957FB3,SHA256=1FAABB4117E2063FD6A5564941845D29A24945CC8ABD4EEA83DE42802283F8DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.381{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19825FE407C96031B4885468763A760F,SHA256=D2F06C8527B6F1028766C2133644977075A54A123FF7476CBA34D10A9AEE6158,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:18.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21ACC9D2A4E3689D9551A211CD23BAF3,SHA256=41C7D1CDFB2270CE0D86580702CBFA7EA09FFD88F60DBEEAB14A39BBF14FA6B7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.125{6EDEAD03-E19E-615E-0B00-00000000FD01}636684C:\Windows\system32\lsass.exe{6EDEAD03-E19B-615E-0100-00000000FD01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000238525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.117{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64844-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000238524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.028{6EDEAD03-E19B-615E-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64843-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000238523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.028{6EDEAD03-E19B-615E-0100-00000000FD01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64843-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000238522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.917{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local64842-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000238521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.917{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64842-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000238520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.906{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64841-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000238519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:17.905{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64841-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 23542300x8000000000000000238518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:19.382{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22394CE964D53A82BA55B0A462AE72E9,SHA256=4553518B04D2D7F6CA588EE55A371E231CF5B56067B5F4067C4A9D3C00318E7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:19.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9007C5B4EF97C0ACC31BDE30B373DB66,SHA256=04A01841278B26068CABE3637FF72D563D5151AA96CB54471B4F826C83611B12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.997{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9F182E3AD335BA761FB332701977154,SHA256=6D8E6C0B98D099DC03B625C36FE55CC41F7357333A6ABD642493DE089BF06081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:18.997{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=200E39457F8ED329749C80BB79622355,SHA256=B49C8484BEBCB2381D4CA4F478E31218983AAE055AFCC04A76AA5BFD13013598,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:20.397{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9CAFA9E03BEA71982F6709DE7272E20,SHA256=EBF4CF98275BE4B824F328C4B81C84AB0F0B0E8A59AF21746FAC361949580281,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:20.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4ACA0AAD09995ADB222C0C6A8EC0DFF5,SHA256=892D9FDE3008FE034FE5A3226715FA50A8A00DDE6AAEA6FC44775F0654299C8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:21.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8216A7F5ABDA9271793A8184992CEA4F,SHA256=A23E6DA0048A9E611DA0343DEE0E3F63084B0A2EFC9AB14463350FC036AA776D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:21.399{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E571878C19EE5E6985B77AC065041C5,SHA256=8E823A3C3BD91F6921481E802616BE8A2E28EB9F62657024A78993EDEBFFA060,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000238530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:22.734{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\SiteSecurityServiceState.txt2021-10-06 08:48:34.156 23542300x8000000000000000238529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:22.734{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\SiteSecurityServiceState.txtMD5=0679B5CABDF5A493C168FCF51261676D,SHA256=3139F6263B87E0D8986AF7C398045A58083149803F26C79B2949A773A23740BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:22.401{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A54D7F8EADAADF9D0A1DD4329C62C221,SHA256=9A7E0B369C1CF191C0923F66563042EC3CE01FC4884E0D562125089A8F165EDC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:19.662{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50014-false10.0.1.12-8000- 23542300x8000000000000000213679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:22.363{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EEB44B7A63527E389AE446480972B41,SHA256=039A1A3C019685E2A3F21DED03652D51B082F9A712FB8C80EF13DFEF01EAF576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:23.402{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B06ADC96CDD82EBB16DFB2800BAB81ED,SHA256=537633A8A9092AEEF8052F0C2EC9A9DD7AADB5FCF62B23498160E6892643C08C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:23.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFEAC5023824B2F36B56A0531FE07B52,SHA256=7D5E4866919481B751F738848F6EDF7F9AB6E43D45EF75BD758887AB5B37C96F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:23.157{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64845-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:24.403{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7C40FE7D43CDEEC31D24BA84BBA42E2,SHA256=2EFA5E338723A4B114CB97BA7D94EC5916B087AF1E3D84E10824778352BC0A91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:24.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C34DA75694AD6F5043A26602FBFDA96,SHA256=34476727A7F3B714F945E3E542CC284372406165F25F53F4E365E9DFDBB051A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:25.408{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66370C89982ADE144F841C582A74A474,SHA256=E7BFE41F00F9C2FA5911407AC1ABCFCBB35A2F23ADBF2F5BFAA19A046CCE7D19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:25.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B8D5CCEBA805A05ADD8E24C438B7A8A,SHA256=9B09F05E0AC728D64AC5C216E56A1BE11F38C84D513CA1F14F22F6A3FB7813B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:26.958{49C67628-E19D-615E-0D00-00000000FE01}7963844C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1400-00000000FE01}1028C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:26.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=134F7C8C4B5A873D422614D746D3085F,SHA256=F8E1419132274E27989B576A34687A65E3DFA0911894BBBDE66AF5BD464AD07B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:26.594{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:26.408{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD27BCE750FB97301CC4C22B026B17B9,SHA256=CB8265FA50EF6D5E862AFB7ED224582D29DE84C433D8BFF99DDF21DFF98B939A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.598{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B0DF946E8D53FAA98DBE92A5FB421FB2,SHA256=90A43C8D14F8181F4834BE6067496C0EACAB547BEC22D8C8E59D0848A65462CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.582{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=9DF33AADB22E7175BCB3C9CB634CCBFB,SHA256=1D95CEAACA5BF4853B26455D2EA62744D5DDD3F6A716D49F9A8ADEE08E47DFCC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.560{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.544{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.544{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.544{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.528{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.528{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.528{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.528{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.513{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.513{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.513{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.513{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.497{6EDEAD03-E1A0-615E-1600-00000000FD01}12801460C:\Windows\system32\svchost.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.497{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.481{6EDEAD03-E7AF-615E-9201-00000000FD01}19084216C:\Windows\system32\conhost.exe{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.444{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000238544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=685C20C582C99803CE685D956FEF8B81,SHA256=1247EC3EAEF86E8B6F7FE1308686D416AE6871447A842F79F79629D194E5AC4E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E40D-615E-DD00-00000000FD01}27722172C:\Windows\system32\csrss.exe{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.428{6EDEAD03-E412-615E-EE00-00000000FD01}49641916C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+aae00|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+3d433|C:\Windows\System32\SHELL32.dll+3d2fb|C:\Windows\System32\SHELL32.dll+3cc17|C:\Windows\System32\SHELL32.dll+3c8dc|C:\Windows\System32\SHELL32.dll+e2157|C:\Windows\System32\SHELL32.dll+e20b5 154100x8000000000000000238537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:27.427{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\system32\cmd.exe" C:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000213686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:27.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A062D9C5B07985538E56F31FCFCEEC58,SHA256=D8B640F1B6A879124EF9D3E5695480F84F5FA14276AD0B6A9F2C05228C619C86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.728{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AFDC80B249EB4E1A8AAF0C0EC1A233C,SHA256=FAD8A6B42E94962ED6563718652E4038F54E51EB64A9244F70F535371982432A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.697{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000238571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.697{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.697{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF17cb20.TMPMD5=C58952CF47A40E878145002B738FDDA8,SHA256=5246515B04772B58453EE8E8C5C9C6E9F2B2DADF381EDC92D5E1CAA1130C1630,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:24.787{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50015-false10.0.1.12-8000- 23542300x8000000000000000213687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:28.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=257BE6EE254FB76D812FAD3A95389205,SHA256=442980E2511820AE704DB0C32DAD2362C5A465800CB1169559857DFA0708634D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.429{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B0DF946E8D53FAA98DBE92A5FB421FB2,SHA256=90A43C8D14F8181F4834BE6067496C0EACAB547BEC22D8C8E59D0848A65462CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7C2D7266F1AD83FA12E491AA7E4BE8C,SHA256=60A74FAD1E6C6743FB9C802B7F6305F2675CFB5ADD5953E58FD61B1DF53A2E7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:28.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9F182E3AD335BA761FB332701977154,SHA256=6D8E6C0B98D099DC03B625C36FE55CC41F7357333A6ABD642493DE089BF06081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:29.879{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7C2D7266F1AD83FA12E491AA7E4BE8C,SHA256=60A74FAD1E6C6743FB9C802B7F6305F2675CFB5ADD5953E58FD61B1DF53A2E7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:29.698{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B05D3A5E91B9D5F75655826ECC579F84,SHA256=294F54E87841B9079F6E780F8EBBE5345BE70A0FC493299435D82C94E800F2BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:29.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0877584A548C550620B01229FE349FD,SHA256=12477FFE4549DAE5352A4B57684EADAE12A4A690CC9EAA35B7717E5E230AD042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:30.716{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24B43D83BA8C276D6BC9329B77C1B316,SHA256=8DF900F223DD99933F4795F742FAF26B927467EC457D77302CEACF9392707EFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:30.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9064BA5B94B492CB5D307646FBF7165C,SHA256=518855FA67FE3D962E5414BE53CBA501DF56ED545277575579935B7297695B58,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:29.167{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64846-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000238576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:30.315{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E40D-615E-DD00-00000000FD01}27722156C:\Windows\system32\csrss.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.982{6EDEAD03-E412-615E-EE00-00000000FD01}4964364C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+aae00|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+3d433|C:\Windows\System32\SHELL32.dll+3d2fb|C:\Windows\System32\SHELL32.dll+3cc17|C:\Windows\System32\SHELL32.dll+3c8dc|C:\Windows\System32\SHELL32.dll+e2157|C:\Windows\System32\SHELL32.dll+e20b5 154100x8000000000000000238580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.981{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" C:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000238579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:31.720{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C7371E6B0495C6E16E09970D32DC0BF,SHA256=6316E080562EA8E54153E52C0EF5863C3E395AC5C28263F518E9FF1A73C7D92A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:31.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B2424545AECA301181D5D7CE77A4E19,SHA256=987174189DF58C11F8BF4983C8BC4617B265718E784CA928D414D2E01D203699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:32.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FD46B03297CFA1C0A207EE2D7B26FE2,SHA256=A6D1B9C0CF3AEDA0B7661B0D40535196ECB5AD447E1C24AC4FFC5A0D959A638E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.445{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-024MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+94bd7|C:\Windows\System32\windows.storage.dll+94503|C:\Windows\System32\windows.storage.dll+94389|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\windows.storage.dll+94b42|C:\Windows\System32\windows.storage.dll+94503|C:\Windows\System32\windows.storage.dll+94389|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+94b27|C:\Windows\System32\windows.storage.dll+94503|C:\Windows\System32\windows.storage.dll+94389|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+94b27|C:\Windows\System32\windows.storage.dll+94503|C:\Windows\System32\windows.storage.dll+94389|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\windows.storage.dll+139d2e|C:\Windows\System32\windows.storage.dll+9445c|C:\Windows\System32\windows.storage.dll+94238|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+139d1c|C:\Windows\System32\windows.storage.dll+9445c|C:\Windows\System32\windows.storage.dll+94238|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}63643368C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\windows.storage.dll+139d1c|C:\Windows\System32\windows.storage.dll+9445c|C:\Windows\System32\windows.storage.dll+94238|C:\Windows\System32\windows.storage.dll+bc95|C:\Windows\System32\windows.storage.dll+bbdd|C:\Windows\System32\windows.storage.dll+a126|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+5b44|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+42aa|C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe+2f6d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.222{6EDEAD03-E7B3-615E-9301-00000000FD01}6364ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF17d8cc.TMPMD5=8554CEE29C03241DFB5882E9984AA700,SHA256=FB6542D6D734A4D8C127624D80AED6D404A14B78F01E3564E0322ACDDB2A2FB4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.184{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.137{6EDEAD03-E1A0-615E-1600-00000000FD01}12801920C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.137{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E412-615E-EE00-00000000FD01}49641152C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.085{6EDEAD03-E411-615E-E800-00000000FD01}45324640C:\Windows\system32\taskhostw.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49645016C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.054{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.007{6EDEAD03-E1A0-615E-1600-00000000FD01}12801920C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.007{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.007{6EDEAD03-E7B3-615E-9401-00000000FD01}33603556C:\Windows\system32\conhost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:32.001{6EDEAD03-E40D-615E-DD00-00000000FD01}27722172C:\Windows\system32\csrss.exe{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000213693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:33.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1F2F975AC998A45CD489BA229FBD601,SHA256=C4F48B6FE23FF61C89A51319DB9685BA84B940226CF1797D6287B4ECD743CBCC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.756{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.756{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000238623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:27:33.570{6EDEAD03-E7B3-615E-9301-00000000FD01}6364\PSHost.132780832519818755.6364.DefaultAppDomain.powershellC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe 23542300x8000000000000000238622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.555{6EDEAD03-E7B3-615E-9301-00000000FD01}6364ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_ma1eyeak.tki.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.555{6EDEAD03-E7B3-615E-9301-00000000FD01}6364ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_a2q1p5r1.4q0.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.443{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-025MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000238619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.371{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_a2q1p5r1.4q0.ps12021-10-07 12:27:33.371 10341000x8000000000000000238618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.355{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.240{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA4FB43F550098EBCB0C3DC25D0E1E74,SHA256=FDD636E07A37FEAC42233843BF9DCC9DE6059BCCFF52C5595FBD4369284A30E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:33.240{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5EEBC30D23DE4896BFA47DBB0A98124C,SHA256=24A0B136B3E0E76FFDCAD2770B313FE4A71EC11C74DF4A6BCF859FBA885AE9BB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:30.709{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50016-false10.0.1.12-8000- 23542300x8000000000000000213694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:34.364{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1144B86F3267861878795D66F475FB54,SHA256=672D4FFBC03B6153904AA802AB3ABCC10FC1BA066FFD06EB0B86FA8796E8E520,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:34.356{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=9916115D18670ADB83BDA6180BAF9168,SHA256=0B5CEC6E1A479B937B210682B3D71F14FE03E86514C7E7DA03A4E9C46186207B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:34.240{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27F3ED2417AEF923C77F1D2333172487,SHA256=319E5FEB1EB39F4F4F55A8AAF423DCB85339B10928767B986675C23BD958F605,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:35.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E50486F0FB82F5834F54C30435E1A2BA,SHA256=9D71E84D6B443E70B2D9B3AB3FDB8A7AA9606B800C01C4FE3E8981D3ECB5C864,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000238629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:35.825{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt2021-10-07 12:27:35.825 23542300x8000000000000000238628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:35.257{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2C8394E05D9BB80B0E8EE201E0E7C6C,SHA256=01209CFAFBBFCD33B2420245AE20A24902AE1B0B17925F5B1D587FBE927A73CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:35.036{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=137192450A98216A58426747EC6DC81B,SHA256=C08CBE871904B481549DA92EFCD7086A1B68A9256266F774697EA79E4A23F645,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:36.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B80B9BC1B0204796204181D7CA822F74,SHA256=E1E1C857C262DDA377492D5BC09F5D66BB02988FA2622D77FD82A0438866E58E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:36.849{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=326D64EE98F00C872E4B8D3D57DC1A0B,SHA256=23B6D76E970BFBE5AAC3B2CABD2327DB3017213B3C35F068468C29CB23ABFE4D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:34.947{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64847-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:36.341{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:36.341{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=7772BC5F8219EBF857EEFDF4BFDB09F6,SHA256=5F07FE11E3AEEF6C08EB20AA2F9D23C33E002A52E7529EE59E04D1E45D466B91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:36.288{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24256F902892A66086B64FF7B314D371,SHA256=7E5B6D5B35649704E68C3CC8AB5C3AE0046B85C0A104DEA6A71B13C3E652DA47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:37.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1123554D1D870911D7C75D7946D88172,SHA256=06C4D8FE46EBE497F2DFCD2D0EBA77299444564FF5873B35FA147BCD467BD6B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:37.301{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E085C7A41765A3FF08F245CCCC6BE679,SHA256=2F48A0197B62F66523EF3DCA5F81C15BAC3CD6C8B39ACC58C10CCA00FB0B4F5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:37.120{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=ED3D99A8F2A4CCD23EB6FC694354E036,SHA256=4651709E37E27BBFABFDC3E59F559544082CB0131CB62C1A9836982AF583D190,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:38.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAA93E596729B79EEFDC71D7207D5330,SHA256=FDEB42927244F7B3BCCE71891F7BFF732A899DE1DAD65DB8D8FA3E6708CD275F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:38.322{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89350C606160399EA6FAF21E205B63F7,SHA256=9B9C5C21ECBF7503AF8108945E0B5345384E070BD0C6D0C3A9A29CF8E0648D6A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:38.070{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:39.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BE3E839A1E939361D25C4322A80B601,SHA256=E6A80FE0EB8C06AB684B3AC1B3F2F84E15BBC6E034F4983ED6AF3FCF4E2C5102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:39.324{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45969CC40A94542F9B4AE6716D1F0D97,SHA256=22A0E08E99DDC4F7E1295C38671E381A9FC52E85ADA31A66F463DB13CDE71AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.624{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.340{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D8F21E2C6386320E7D4225AFC56593F,SHA256=C2C0E416627F507C03DD4C4EEA49CA0DA2261A158914659A4FCC049B5312275D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:40.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E16186C855CFB24FD1175D455E02449,SHA256=656548B63C42DDD6FB091EB5721C0E056AE83C9C15F59A84288CF91D96AC9ED8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:36.678{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50017-false10.0.1.12-8000- 10341000x8000000000000000238640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.186{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+ab5763|C:\Program Files\Mozilla Firefox\xul.dll+ab60f1|C:\Program Files\Mozilla Firefox\xul.dll+ab545d|C:\Program Files\Mozilla Firefox\xul.dll+ab4662|C:\Program Files\Mozilla Firefox\xul.dll+adbd21|C:\Program Files\Mozilla Firefox\xul.dll+19842fd|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4 23542300x8000000000000000213704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:41.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F83EFBBF5514E0B9C89E9C341A350935,SHA256=3BD5DDA9D4CD6AA5D1ACF0048A6C7050E6339281C70D716FBDC59AE102A55702,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.094{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64848-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:41.341{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9B0EC8993AF48DB989124E388054BA0,SHA256=06AAA35D077AC5187FD8458FD84FC89AB7E97EDA9FCD69C27DA0B1AF02A34EEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:42.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68E0822DD404D48B45DFD14A6714C9C6,SHA256=D36B529697E03F4568F527EBB0E9A3B7281E40768A21166ADF35AC8E90F4A266,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:40.510{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64849-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000238645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:42.358{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFE468438F94F9AF387EE2151FE43A4A,SHA256=6BD973758738CEC7651C4CF1E736F80B1BD262730D56CD5C1897527FABCD3627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:43.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C1B44C3FFB67009091EB632DAB08C72,SHA256=DD55CCE0A4F2C592CB06198861DF212EDC4002DE13422BAAD7225423F78D768E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:43.406{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F64353721AD85532139A18A97FB41DBE,SHA256=2B3745C8FE4BFA6522C3264A103F2B66ED414805B97382BFEC1524524662D043,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:44.422{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65F2E9C44B467B81E1FE1AAB9A16638B,SHA256=63589DD6C41912B293429A4287F686CC83472776409DD4CA07CDA7A3A9F68984,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:44.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AFE277967AC6D004D1441B505A04919,SHA256=2C09229BB95FEE9E5406BB3BF72FA6830E8EA8FA17BA44370E792860D11BB46C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:45.423{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B2CE2CEEEDE3D287074F7C3CD20A500,SHA256=3959352A4845163222F118CAE871E24D11F81DA93A47B3D41FDE064190FD2776,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:45.881{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:45.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E127C562ED5BAA0CAF0ED3FA335F665C,SHA256=7AD29CB42E24694082B818AC06284815BC811D954663B6D0E2AFA86489D08787,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:41.803{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50018-false10.0.1.12-8000- 23542300x8000000000000000213711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:46.365{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43643FB8236A0D5CBA2146BEA1B33380,SHA256=B51F5456DD8C188EAF11B45EC2912E31D2F8F402D19606419F490059200000AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.438{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE541884FBAADBBF6273A35402A66924,SHA256=53D5953E456415B1AAAD2172DC655C6F8812EEEF700087C4DB984B48BBD524B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=2D3992624E2CDA40A113C7854059340E,SHA256=92AA1A39AAD97E963C2F67FE455437B72DC1D7AC5E25D46C5AD1E1616C83D23B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=784DC3800B5EB4F23CC4570D265744AF,SHA256=537918A306AE100115DCFDAFC412453C81DC33946BAF338E5B0BEB3327BF256D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=FB3AA68E20C0D9E52D8D5C0660E02261,SHA256=2DA7C8F4CB8FC09ACB71F5200E6C5B2506EBE22AAA9533C986437478BEBD73BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=BB160CF0C5F7B60C9F9A238ADB429282,SHA256=23460D46A8EC8777A23258139E23D3273A584EC1B8EE3D672BC2548E0DAA3837,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=94D0CB85BDF33751D1049E24A4BFCCD7,SHA256=238A7CB9BD96BD18738E4C99E5E3B6AA1DAD2435F1B544D34FD0F7D7C55B06B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:46.238{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1550F78C84F60AE336ED3B5DD4F5811E,SHA256=51AE2A8FE195260432017772F82C1EA668C12170233F5868249180A1F12058BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:45.146{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64850-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:47.457{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90A2C383222D074D3A2F0EC51F7849C8,SHA256=1B268C840C91EF59E045A2B09E20D6D9CDD4A2D0E99FC605EC377AA5A41316FC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:44.443{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50019-false10.0.1.12-8089- 23542300x8000000000000000213725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.366{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B7EAC21AD6DAB0BEB2ADD4484908C19,SHA256=8B372A5CFCD317F8B653AAE3644B52C1241B78CF1F04B7B41FDDC4129E4D909E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C3-615E-4801-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E7C3-615E-4801-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.350{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C3-615E-4801-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.351{49C67628-E7C3-615E-4801-00000000FE01}3316C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:48.476{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=519E6D0C356946C93CA6D8B2C67E4D5E,SHA256=87A3934C212905B3CD2DF3BBB202405B3A3F47168D59D1DC36B77B07AE8A0DAB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213743Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.569{49C67628-E7C4-615E-4901-00000000FE01}7483276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213742Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C4-615E-4901-00000000FE01}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213741Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213740Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213739Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213738Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213737Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213736Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213735Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213734Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213733Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213732Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E7C4-615E-4901-00000000FE01}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213731Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C4-615E-4901-00000000FE01}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213730Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.413{49C67628-E7C4-615E-4901-00000000FE01}748C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213729Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.366{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3EC29E296BB32164570A3955B0B619F4,SHA256=0F3F06E3446CFC84794B2F330A2E412D57169BD757E7EDE769A45F39C9B159B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213728Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.366{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=74DC975853695837E4EC20AF53A40AEE,SHA256=22DCBFF94E34D8FE6E9CE03DD9854EC9DBFDC027B65C3BF49E7D3F3836DCCB91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:48.366{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AA3C2C40A1F80517235969DE52BE81F,SHA256=0332B95F6304F6AA3D34F9A996653F79094DCD3A5FFF169BE87061962B47E306,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:49.491{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B751EF4B2853616CEF286176CA241BD8,SHA256=3C54C36584577EB9CC2218BEDFA60174F384B9151663450E232F1A789AA519C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213758Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.553{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE32FFC06FF937B94C9DC67DD51518D3,SHA256=0D01BF01B32431A1017DCF835FE0BA0F5791F244AAAEB66CD7D0ED56563CCC5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213757Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.553{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3EC29E296BB32164570A3955B0B619F4,SHA256=0F3F06E3446CFC84794B2F330A2E412D57169BD757E7EDE769A45F39C9B159B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213756Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C5-615E-4A01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213755Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213754Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213753Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213752Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213751Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213750Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213749Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213748Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213747Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213746Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E7C5-615E-4A01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213745Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.084{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C5-615E-4A01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213744Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:49.085{49C67628-E7C5-615E-4A01-00000000FE01}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:50.557{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=510AF0498D59A11EFBE6215D97CBC608,SHA256=2C425D32E09836A0C6556F2C0D6A7C512383E48D19A3C24FE0D6E22CBCF4AEAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213760Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:50.553{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDDFE71553BFDCCE1B8C4A9C9D25F461,SHA256=B3266343250AD0B30DC9F38F5CDBEECD26610F8A9BCF891318976066021928EA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213759Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:47.678{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50020-false10.0.1.12-8000- 23542300x8000000000000000238662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:51.576{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EF22650D2E602CD92C5CFBBE8078BC9,SHA256=F4028154A0330A52040FFA86842C5787E63451E319D519E6DD7D27EEE8FF71B3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C7-615E-4C01-00000000FE01}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213783Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213781Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213780Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213779Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213778Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E7C7-615E-4C01-00000000FE01}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213777Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.835{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C7-615E-4C01-00000000FE01}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213776Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.836{49C67628-E7C7-615E-4C01-00000000FE01}2256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213775Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.585{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19FED37B7286186F90A0AF9557062E10,SHA256=4B994633D6BA0FF72D7559BE416262812BC5ED7FF91C0CA088425C80554A2126,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213774Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.381{49C67628-E7C7-615E-4B01-00000000FE01}29122592C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213773Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C7-615E-4B01-00000000FE01}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213772Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213771Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213770Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213769Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213768Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213767Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213766Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213765Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213764Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213763Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E7C7-615E-4B01-00000000FE01}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213762Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.178{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C7-615E-4B01-00000000FE01}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213761Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:51.179{49C67628-E7C7-615E-4B01-00000000FE01}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213805Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.678{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04782E1AB3EA715D20EB965B57A27A3A,SHA256=2CDA3A39AB0657B013FF86A870C299C539F8BA16A9B1B975F6971749BD73C8E3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213804Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.647{49C67628-E7C8-615E-4D01-00000000FE01}29641608C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:52.578{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=169E522D749B33620B05CF23B87C9879,SHA256=5B12DD12E081041C6C265C8864C34A0E0991F3EC1FFA52F48E237C1FE840045A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213803Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C8-615E-4D01-00000000FE01}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213802Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213801Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213800Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213799Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213798Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213797Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213796Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E7C8-615E-4D01-00000000FE01}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.460{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C8-615E-4D01-00000000FE01}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.461{49C67628-E7C8-615E-4D01-00000000FE01}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.382{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21E8A935D0223EB99A04369AEF188C2B,SHA256=823F01F867E7D698D783E336AF708B37185E4CF1B685C675BC7867D573EDF140,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.007{49C67628-E7C7-615E-4C01-00000000FE01}22562760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.663{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED6C976386F782BBC3B13BF0524392CF,SHA256=A3968B8350D38B646C0A35EA2AB520C7885C5293D2CE9AF100A283399DE51921,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:51.161{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64851-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:53.582{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=781487AC618AEBC3ADD6E0483FB80F8E,SHA256=17182FDCEECAA1914E8D33041518DCD5A559EEB1C1827AB6015F9A9960AF4387,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7C9-615E-4E01-00000000FE01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213814Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213813Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213812Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213811Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213810Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213809Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E7C9-615E-4E01-00000000FE01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213808Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7C9-615E-4E01-00000000FE01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213807Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.632{49C67628-E7C9-615E-4E01-00000000FE01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213806Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:53.475{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=00BB217C4275408D3D6ABAA205CF4538,SHA256=CF79F9CC259650672EF7ED50E9554D06ED4E47C49BA29D51A7B79978E7E36C0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:54.694{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB72185FE7CA520E5068C4E280B8C32D,SHA256=9D0FA9F1C0A03D5A83F2C6806B27F5C922B5635E61EF1B29C7D55C76E4465ACE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:54.586{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C67D7867E2C24A55BB4CFBE989E75A7,SHA256=4A8A85D026C437FD933BD9131D70C783A6B37E330C4282828E7F6DE585E6DF1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:54.632{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=693B82C89A470C5DA954C6F7A0765621,SHA256=55F674F8CC25AB899355F6CAC83BED3A066307BE90FD9235E58E526E5E52DD4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:55.788{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B22F7412B53873DBFB04E739C8041553,SHA256=A792206F64A4BE05A178A3C10D79A8D92FFEAD3D9E26EF0719148F4A649F46A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:55.586{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6A7FD13E928C4EA908B6F2C7E987CC0,SHA256=EC8FDD45B1FA4624304C67BCBB16E0F9136C5919722374CA8861A8D75AB7A246,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:52.756{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50021-false10.0.1.12-8000- 23542300x8000000000000000238667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:55.486{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=E97A929E1DA428CD53EE72DA157498E4,SHA256=D3B93C86BEDCA1C75A5EADE6334A54E451652925A631FB04F3AE62D182E3ABCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:56.602{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=847199F8524ADE28BFCCABE9F2317F4A,SHA256=C409C0D76BDDBD5C9BFA856AE7444E68742AA43EF7C7489ACDB6888283118928,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:57.617{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77BCE7E25EDE44CDC85229934CEEBE18,SHA256=91337C588AF48013CC4F515D4FFFC6C79EE908785D4F9FB5184BE51E2821CED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:57.023{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=759B68FB2CB7F9C6175754B3FC8D57B9,SHA256=BD602AACDAE92A03218E0D96A21924CE91F4D67D11ADA885393775D00EC7A4E8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:57.024{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64852-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:58.632{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FD5108700F57D6A605EC555EB72548D,SHA256=EE2FAD18912C8FA6A908482129A24037B0800B8EEE3E105D97490B6317A166A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:58.038{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0323EBAC8B27B77E904C28A1F23E5341,SHA256=72B1900490B0541D46B21A490DDCBB9DE39A69B7672F313ED218BA0D9AE85758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:27:59.647{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18E80CA64D3D2D64D56E55131695B6B5,SHA256=357F7BF70AD2C017B1BDE41EA7169F5CAE3D8D1908166F3BA2205B2178706F85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:59.101{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08570F6FCC80A1F47B7ADE55C246A178,SHA256=CB99C4CBC9FFF46B7CA7F0F24357A1D4059A4B5238F6DE00962F9371659DFDE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:00.648{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC80669B111CA0E8E69604A372DA010C,SHA256=7B494E6565EEDFB13593877B1CC99B155F663E4F5381E0E1BC9E821F6D06C27F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:00.101{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2451AEBB1C0311DC5542CE5B681B3692,SHA256=A30A8587351F9CB91C9B8E0661DACD4F3782B8504FC79C6917DDA3D60067ABC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:01.648{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C8BB692687411FB22F37806DFDFB32D,SHA256=B8A8D0FF6572B985270750AE2D7DD7415DDA9196B853963E94B4B46B41919864,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:01.148{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C0E46AF92F59902B346699779B7C3CC,SHA256=92627939783352225811AF6558B5A04683D92264D85EFA3CCFA78D2CE28CDBCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:02.667{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21D36CBCD0172C8A6086D70702A8B51E,SHA256=B282D91E52DC6C06A2327EF93D8B2D62C22C6EB224BD1303212E9A4BDF1394E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:02.289{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B893A5183AEA646046CFB203761090B,SHA256=230C08BD4F7302D6F4A9EBCBD1A9DE4854F7E963D4D4D7D407B66E2BABBF7F70,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:27:58.709{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50022-false10.0.1.12-8000- 23542300x8000000000000000238683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.674{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82F36D52574DAF3FA5945E7F45D31AE1,SHA256=6BC1A62A26B00DB216854BCB1A8C8D84C5C9C7A2338F8ACDE631EC8CA751C2B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:03.336{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7D9B4174F91DE8DA094625C79D3CA54,SHA256=EA47B5BC0C77668649F92D6933EAD50B35DA2F71CFB204EE4CEAF9580DFD20FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=2A1DB77398670FEB4AB4AF0FEDC4B645,SHA256=EF4760CFE9904A34BE606B53FAFA4A1A56E4EA29686977A46E814BEB9123B3A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C4C6B2929D68A2554C5F8EE6A346B15C,SHA256=8565D6406F88EE439EBA788DE942E5D5AB605F9DC1301AA3C0FC22D3E0E00DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=8970D93737E2C6849D02A2C37173B11F,SHA256=9D2A0D9A5E4FA1CD8E7EE05B8206AFAE8835ABFCBBF892E48FB57CA1E6DD1D89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=8DA80824F473CDF7F4843973594F65BF,SHA256=F082ED7EF4D2CF98BEF875E2CCF1D6B93F0387D64FF5B3830837BE8ECFBF3F8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=803B2AE2C5CE18928746A706FDA8C796,SHA256=C89DA93D1EA82CE66880525C2EC1AFF1BBDD0660025559AABD5EC00C3E9E6736,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.191{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=E7603E0B1DBDD7CA4E34827246EC83B9,SHA256=F7DA060AC22CED830C4BDD7E1E703C7CF7F3BAB6E9EEFE09E6E0399A3CA962A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:04.693{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F315B419F07D320D06A097010354CB0,SHA256=86CC87669F63264E5026EDF9DC05FAEAB3DC1C6F485E85CFE08915E769DD0E71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:04.336{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC0A747225A2DEDCD14CE11FF4637D99,SHA256=B24A1FDE44FDB34B815236B7772217FA1159BCB24509220607636F9F0E1B100D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:05.724{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B0D0DD8401D05ED276D5FF95F1255D7,SHA256=5CD113713BE0BC8DEF3F2D90B5A0A6755FA39D1E0AE1B0FADD0F36DC57D79868,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:05.336{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1DD50C6F8DFC1FDE3999159AAFA0D57,SHA256=2C98700B1F02517EA70850E194179400042231F81073CBD966E1E218FAD64323,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:03.029{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64853-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.748{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B1F15BAE01DC3972B9C0B28AB1EA29B,SHA256=9AAD415726980A3FF5573880798230898ED8C659AB6E8FD67903077E1E9FE26C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:06.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80238CDD6FD2DB31CFDF392455F0C2CE,SHA256=9D9675ED9EBD84B1EA8AC2B6090DDD098995EC65F758451E94BA554DC89C745C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7D6-615E-9501-00000000FD01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7D6-615E-9501-00000000FD01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.604{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7D6-615E-9501-00000000FD01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.409{6EDEAD03-E7D6-615E-9501-00000000FD01}6632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.755{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB8CC9EBFEFB4FF92555629FC92B1B1A,SHA256=AAA1B82C0C1B0DDB6DEE0EA8C4327A8DDF34BF7277698081400144B4734EB7C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:07.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BF96D7F1B9480D62BBB353E19F9C6EB,SHA256=55745EF571745EFEDBA896A94BBD71E1977A2B7B9CC62725A083A31E6254415B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.724{6EDEAD03-E7D7-615E-9601-00000000FD01}71167144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7D7-615E-9601-00000000FD01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7D7-615E-9601-00000000FD01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.442{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7D7-615E-9601-00000000FD01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.286{6EDEAD03-E7D7-615E-9601-00000000FD01}7116C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D6DBD68FF819E99E7BCE0BC8B85433D,SHA256=2ABAFAC4BF8CF56B0482E79F8C5FEC5A763A80E8BBBA9A96A685D6A7D9C904EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:07.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FAE8672C192A7776F12EC40D0F27454C,SHA256=82C89DED0782DC9DC7B9017C3360CC0BCBA4D0AA4A8BC677E3B20F7B8E738B67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.780{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0217CE3D4C5C5E3F21B79014E66BDB7C,SHA256=7CDB03B4A373707C5093CFDD8649D3AA2F9E7EA26FD750062D55254D6FB52AC4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:04.662{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50023-false10.0.1.12-8000- 23542300x8000000000000000213837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:08.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AC444A1499D807A2172443BDC9A7F12,SHA256=B29FBC52CEE7A6F001E201A7B24C99787F95161E0E5E3BFB5106711565CC8C81,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.571{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7D8-615E-9701-00000000FD01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.567{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.567{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.567{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.565{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.564{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7D8-615E-9701-00000000FD01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.563{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7D8-615E-9701-00000000FD01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:08.174{6EDEAD03-E7D8-615E-9701-00000000FD01}7132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.625{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64854-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000238708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:06.625{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64854-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000238728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7D9-615E-9801-00000000FD01}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E7D9-615E-9801-00000000FD01}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.948{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7D9-615E-9801-00000000FD01}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.818{6EDEAD03-E7D9-615E-9801-00000000FD01}6520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.801{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8098F60F90B891990C42D130D7F03FC8,SHA256=3B23DBC145E06AD618AF8CA15DB92936C11A47A9FE13D943B6CF419D46244452,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:09.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1F199C06E10CABF9C9564364583FDA8,SHA256=9B7AA15B5B675784A5FE31A3B247EB8687195C89A810C605D2A4787EF6FDBF8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.182{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D6DBD68FF819E99E7BCE0BC8B85433D,SHA256=2ABAFAC4BF8CF56B0482E79F8C5FEC5A763A80E8BBBA9A96A685D6A7D9C904EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:10.819{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D5F8134494F2DB774FADE907A8FADF25,SHA256=EBA46532F105871C33DF61A4C9B50851985FF3380507DD0E28391E987298DCFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:10.803{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E46541587C287919FD974DA33DEEFCE3,SHA256=B8722A4692AB387C2208DBF2AB307F813C414EF07FD6D5770C5648E039690E95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:10.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4DF947F0160441AEA34DEE3CF2743EB,SHA256=13E222C434EED66134FD7E8513FE93857F08086F76C4BC650C33E8B3A643549F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:10.148{6EDEAD03-E7D9-615E-9801-00000000FD01}65203292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.968{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB5870E03A4EFF1A85A3DAF420A6982A,SHA256=D1DCF9B9500FF8A04A522A4571963E634013C3E3B16AFBC9F1C0BD8A04B9F666,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7DB-615E-9A01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E7DB-615E-9A01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.822{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7DB-615E-9A01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.823{6EDEAD03-E7DB-615E-9A01-00000000FD01}4268C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000238742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.805{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF4C9A9C05EC599EBAECEBE103278037,SHA256=851F7FD91E4975B816EB89829A14A7C9666035513EDF1EE0FE9E75DC661ACCB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:11.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=112CCBA40A8286118D5F8BF6248B6B40,SHA256=47B7E0FFC1F692922D5957E3B6E0910FCF08A91E330F12F5EE59A7DE43789211,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.503{6EDEAD03-E7DA-615E-9901-00000000FD01}70766912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7DA-615E-9901-00000000FD01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.135{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E7DA-615E-9901-00000000FD01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:11.119{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7DA-615E-9901-00000000FD01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:10.952{6EDEAD03-E7DA-615E-9901-00000000FD01}7076C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:09.024{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64855-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.822{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E651450A81042663995201667F893E39,SHA256=69CB9455C46CFF483AB0F7995AB9F52B818CC4B3869E223D67164C30378340C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.683{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E7DC-615E-9B01-00000000FD01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.680{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.680{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.679{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.679{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.675{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E7DC-615E-9B01-00000000FD01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.675{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E7DC-615E-9B01-00000000FD01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.507{6EDEAD03-E7DC-615E-9B01-00000000FD01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000238752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:12.068{6EDEAD03-E7DB-615E-9A01-00000000FD01}42686064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:12.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29446989429966A8CB5FECAD0D14C0EF,SHA256=CD3536027B0D160F7688264E0DBAD89D8D19DEDD3330DB87199F659A39D4E362,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:13.838{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC2DD5C300F9A827E59C4B650CCE8C19,SHA256=0A4F42B1EFDB289BF5B059630336CB8F205A9B637020B261FEC86885851CD905,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:10.647{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50024-false10.0.1.12-8000- 23542300x8000000000000000213843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:13.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3EA87BDCA837B8E4F4D0B2DA0C4D4F1,SHA256=F05B7567C8D61B9D332B6A66E8154747E9940293E16E1007B4C0197DFB925C0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:13.507{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6CFD3AB8E88903566E50D5A1558626C5,SHA256=C52D15F1EEF09932EF5469EC37EC20423717D2942130BD8C7270E1C470C13A20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:14.841{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3210796CAE780BD6B34E2BBAC2FA840,SHA256=D98B1F4C6EB2CCAAAFF6920C6F499B27C76098DA23ADB3CA7E94AC77A3B91457,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:14.368{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E273E6ADA322A28181DF077F6A2CEE2,SHA256=F7A53B437055D07794DC60294378BF8DE5109457ACD231EB9B138BCAC87FBE41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:15.842{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23460D8F364BC755E4013944CE6205D7,SHA256=D81071D6C5A8CC6E61736D30FFD8AFC586BF65CF0BF2B3AD9CAC6249FDBA0E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:15.684{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-025MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:15.370{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB22EAD986F95CF68572C91DBCBF8C6D,SHA256=4B773CD6765827F435974A236DE4FC4FF218291C20AE540AD9ABCBECFD185368,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:16.863{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F55B29C3B4D528E1A9D238BC62CD919,SHA256=BB7B637558CCDE659E3B77845B33931F6648D96608E45E2A37E13F133586DDB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:16.688{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-026MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:16.376{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0191EC45E5428705A678176E37F35E13,SHA256=77DE70CBF33A66D519AA999AD08D124F8DE2F07681B01042604518622B7E16C7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:14.061{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64856-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:17.877{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1C7566AA8480F2E593F83F6B545802D,SHA256=E0B5A4EBFF1C664F2CB546FCA1DE4B6DD2F454E03396AEE383F07D18F4264FC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:17.383{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DC6FC88E52965574AB7BDC4E23F5869,SHA256=B7B156C38D84C949D098340576A622EA8DDEFE6B16A0707360018CC5409D76E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:18.897{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97437DACEB3EAB295AE73F100F8064AE,SHA256=22E0D061EC0008464117052791EA96FEA195F043F092F26C1D4735699B14A2F3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:15.693{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50025-false10.0.1.12-8000- 23542300x8000000000000000213851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:18.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68F87279CD68AAED6A8BE5CE6BBFB7D4,SHA256=8DCF89B086325311470A6DEBAC5591329C7E18C4858F996681A11AA175E28A66,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E7B3-615E-9401-00000000FD01}33603556C:\Windows\system32\conhost.exe{6EDEAD03-E7E3-615E-9C01-00000000FD01}6996C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E7E3-615E-9C01-00000000FD01}6996C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.931{6EDEAD03-E7B3-615E-9301-00000000FD01}63644244C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe{6EDEAD03-E7E3-615E-9C01-00000000FD01}6996C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\2a6ccbaba5690e5b3fec3bf707022bdb\System.ni.dll+2c4179|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+ce6e006b(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb634c4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb630ff(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+ce62b42d(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb20071(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb83ae3(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb65af2(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb65af2(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb65983(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb566a3(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb63be5(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb63757(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb634c4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb630ff(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+ce62b42d(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb483aa(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\0784610d68cd6b36e46150702bf69c35\System.Management.Automation.ni.dll+cdb4791c(wow64) 154100x8000000000000000238771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.932{6EDEAD03-E7E3-615E-9C01-00000000FD01}6996C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exe"C:\Windows\system32\reg.exe" query /v ETWEnabledC:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe" 23542300x8000000000000000238770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.915{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC61DB0365C475F5021D3CA7C741D2D0,SHA256=9F9EE9BE9277C3179520D17798D72D3D981CE5CD4745295EBB3C2FFBA2342BCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:19.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=415C27ABF68B5C4ECC3F68794F8DF0E8,SHA256=4B036C9840E5E45C16544E1B9854B924869168DC9DD9524879732EF932D2E9EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:20.978{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB571F47F9672BC7BC317EA93181460E,SHA256=784FFBA3BD9A98535893CB62776A32A39567E049D29477FC0260FC2E261101A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:20.978{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=27EFEA396EB968D1B349C320D4D4FF61,SHA256=179C00178EC0FC487954BA0898E98F9BC373B7839565ED691490512FA6DDF6D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:20.916{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EABB5101A4D3E4F457B3ACE778EEBD5,SHA256=BC22AF6D031387B44856C8A97713A6FC8D675B894E674DB6FD1522AE0A3AF030,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:20.916{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=47E4B773DAF0544AEC18B26DE2935114,SHA256=068C8CEDAB3EF8D8FAD06B06AAEC22FD1A94BFAA4B7E188A9087C4E3A768411B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:20.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5FA76586EB3312E7856095580F59407,SHA256=63541904B85C3DA2C5ECB6C1B4C9E2356365085C76C4BA58C6734B60FE2431E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:21.918{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5774EB78416EE35A1E2E703DF6FE9EDC,SHA256=DBA7DF73037D69306A977D6C304DA7EEB2072A4A434FBA1973BFBB1E1FB09A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:21.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD9A1649837FDE20EDA245A182AC81BF,SHA256=7ECB8B7C1EFEB1F9EBEB4983A5C99A73A258F9F47CA4F104AFA7A73259B5677E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:19.101{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64857-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:22.919{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF49B7333BB727158CE6DA899876AC07,SHA256=61597F8D5C4606F76730923A531CA98588955CA6C9DBB74ED5A2A44C8C58773F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:22.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD53A248DF865DF6EFD6C5547B6613EE,SHA256=F909433BB1C5AED37A6B6A5B5C5DBC4CD74FEA4185C29B46F811C248D4258164,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.966{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD5F1DBC85DA9FF52B67E4C068B020CC,SHA256=0189718BDA633B574AA6685C995280FBDC40BB756E1BB227573EC5F3235C1BB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:23.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DC5046AEC83F64B2923C827C6D13EF7,SHA256=3025150A398A33A927D7E1E74F75C0501272BF750D845829E0C1E187BB453A51,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49642252C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:23.166{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7AF-615E-9201-00000000FD01}1908C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:24.966{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3968F99F56CC43195BE4EC918D0E19AE,SHA256=87DA1313F2A21699026574C5D122583FC4B85E55FAEDE70D60A4B23FC1494ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:24.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=588D2B2710B9F440CF0BBBD6D636D248,SHA256=8445AA150C7E303E8870D0F36C816146A8C79DFB3F411BE08B32DEAB83A82F98,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:20.819{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50026-false10.0.1.12-8000- 23542300x8000000000000000238795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:25.983{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38405169A34D9EA290BE6FC6E5A15CE0,SHA256=BF1715EF938F4C0E4B5E1EB4BAA5DB3BE044BCD51FA833F95C47A63683D3256C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:25.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F01B19A8DE3A0FE884F1CBB2D9AA8EB0,SHA256=451B9DA0D258F202D11FD37ACBE21DDC5BE3DF1AB41672DF559EBA70BB108A4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:26.983{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=288B3CC74B4BC048FE55431B2FD11B87,SHA256=E60A264E296A80B7373E88E15D6067C249F82DD1CF9D39884C8C57C4402A4976,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:26.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D77A82F6AE7A8C14917BAAB78981D43E,SHA256=2B28A7ABD9D5B16C08D208EC9D744D1E4EEA1B1FD4C38A93411117D7E57781AC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:25.042{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64858-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000213862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:27.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C88F080280B23486CF6989AB5D49733E,SHA256=0202045DDF35DBE578A01D24BD875C0930438E0E4E24E823D01A13F01945AA4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:28.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71786572EB15A58C1FE02AE9913135FC,SHA256=72D859D87CC82EE73025BF66B4AEA053ADB239EA85065672405A022048739C87,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E7AF-615E-9201-00000000FD01}19084216C:\Windows\system32\conhost.exe{6EDEAD03-E7EC-615E-9D01-00000000FD01}96C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E7EC-615E-9D01-00000000FD01}96C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000238802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.283{6EDEAD03-E7AF-615E-9101-00000000FD01}19286988C:\Windows\system32\cmd.exe{6EDEAD03-E7EC-615E-9D01-00000000FD01}96C:\Windows\system32\reg.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000238799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.288{6EDEAD03-E7EC-615E-9D01-00000000FD01}96C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exereg query /v ETWEnabledC:\Users\Administrator\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{6EDEAD03-E7AF-615E-9101-00000000FD01}1928C:\Windows\System32\cmd.exe"C:\Windows\system32\cmd.exe" 23542300x8000000000000000238798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:28.001{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E5E7125E154A3ED9B2FB20D67B7E7A7,SHA256=A47D54686937BBA3AAE1CF7CAA5F8ADEE62312694BE50002016FE31C306C00AC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:26.664{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50027-false10.0.1.12-8000- 23542300x8000000000000000213864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:29.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65B57FD8FB58D2F0AFF6C58342F1F236,SHA256=4E83B018B642114FCB2C4F30ED2EE87197DE11F36C0FD42FC6F3D755642CE09E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:29.304{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1E6C5779364C36B0E239D0991BCD98D,SHA256=D8C498BA54B73BF57663BCD5ACCD0C3397ED101A5A4B7CE24278894650C6A58D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:29.300{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB571F47F9672BC7BC317EA93181460E,SHA256=784FFBA3BD9A98535893CB62776A32A39567E049D29477FC0260FC2E261101A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:29.036{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E438E994B9AC66B0F2F95E0D90B56ADF,SHA256=23B05A488B52E65692A57A233CEFF805E49F28778D23066B86008043FB2B50D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:30.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04901668E5AB776FE07815C645C80F6F,SHA256=F5B816B166B92ADE602C46F09320E4D8637AF085B9341D055F9AC08B5E2A98E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:30.051{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DB24C21B5C4A4D737DFDE73E3EB561E,SHA256=C1E2A41FAD9C729FE41EB419D9BF2D9F9170F95FBE9740A6AF2D22CB14819121,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:31.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19114D19D29726BB3F4D6139E2E8FD23,SHA256=E07C67F3AF2D31BB035285E5738EE4E30138FBC23CD2C181287A4FC66558E24D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:30.105{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64859-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:31.066{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31E673978B490E0C8C78ADEFA2714430,SHA256=F41AE0F4E216F55C682C4A1F73C7E8585E389B8703A4AD7E0C5F749BBE650D0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:32.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAA948CAA0FFB5B656AFF774C89BC442,SHA256=EEE3CB0326C2BA5254BD3AC731C1F40C18BDE9B10CABAB923E90DAF8DAACF2A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:32.103{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2426BDCE8F44CD104E220A925F9BE1B,SHA256=7DBB5F7F39F36FCCC41FFF8113D8F6FD29228BED0632645721B3D7D04570089F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:33.384{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A957C6D467C27AAFF34AA80F6982CC51,SHA256=246CA9A2AF8113E7A7C091D33AF0B1B90D1BA676860F04616077CC0DB874B157,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:33.990{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-025MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:33.119{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=615B7597F68A0846E0E49E65E879307C,SHA256=26D34775C624EF47A789659E6DB3D42D83B444C250A9A87747C1B8A8FFE1DC91,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:31.741{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50028-false10.0.1.12-8000- 23542300x8000000000000000213870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:34.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACDD5BAC1A6F40C2CE622F0C862266E8,SHA256=1AEC38D85D5D07787DE006CCFE1FEE3F95E72841FA67A90E03461E9739B27989,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:34.140{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6821C28B8A7215148EFFAFBD4497AACF,SHA256=E6BCB02478ECF486BE5E1EF6CE60F0CBAB3470D609D82489D240A5707D851C51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:35.155{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0C9C9BD403FD8381FF1B7526CEE7C53,SHA256=854727A1E159A47E7ECC534AFBA513FA967A42B66985F93BD47E5594A056000C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:35.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C73EE68CB1F46C2E9E610BAC0C90A32A,SHA256=4CD2341AC30540AC9ED4763ADEB65891D28961189E5717C91C3473F7C2D0C1D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:35.041{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=5005CBE65FF2B9C5834BA19D41236207,SHA256=120A6D48A05F6848F6E33FD790BC6D83D6372B8FE71FA5E41C4ABE387DCEC034,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:35.003{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-026MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:36.172{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB62BB01731E4662F62D003CAEBE3211,SHA256=C15A1A42F0397D8AE22BB395DCA0D593A4241C67927B512433787CF979506135,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:36.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A88B280E7953AD0B10FEEAC9CF47D64,SHA256=21B3E3A4C27F60B249D5ACDE8AEA0E91027B6C0D6987414AF15FAFC48CB55A43,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.729{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.729{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.729{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1300-00000000FE01}780C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0B6F61CD9023DAD8FE0DB849E513172,SHA256=83676B495BC8610977F5D679B193059D34B4E9F7CDF8E31ECCB66AF379725342,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:36.095{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64860-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:37.173{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BF9234836FE3CAEA7FF048F7CBA5E3F,SHA256=58B1E245CFAA8D8398FD5BB673F2CB35D73255E62BE7C14115C42AF775196A39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:37.126{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=568E41791B62A66263938A7788DB3671,SHA256=D918590629FB4096314E7E2C3ADAD1AA7B5FE4DEB6BDC3684BCB3D610FA74628,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213879Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:38.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E87B1D2E12000F465089100F74DBD10,SHA256=DBD307FD66774AD9BDF500E08B4D2AB6E8185CC9175635414344E3941C1F730F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:38.207{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3BA8C208578C4BD0963D14A7563122B,SHA256=012A026F4DB37608354846B89CD09318DC51A157E81FA13C981CFCF0C6D72774,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.236{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20FE40E747BB1AC9457ECE73CF94FD6C,SHA256=F6100D1A3A9CA44C05FCA8B1EC53663323AE8E29F2AEA9C11FE93986835A3478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213880Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:39.385{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E83E17485BBAF0B46A54061AEC531D09,SHA256=9A5198F1C937811678656F1EC821B371A871BE980B796D38439426F6BD8A7CBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.207{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4525730E71FA9457760F59EF5D12E3C2,SHA256=442D7FDF923AFB49C7D6147E63DEB32956E33AFABD2F5EA6B38FF45FD43DF85A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.207{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B4AA60BD08EABAFE377546522909AEAB,SHA256=A9D3373A0B177517D0D4CE68C61C844ABB1D4A34E4E333121AEFDE3389C16F1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.192{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=677A4523CF9A553BF2CF0B0493F25493,SHA256=7C895C0842368E4C57EB039A01F714F554B5329B658A0F2A46A73D5D5D19472A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.192{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1C8EF01CD176B8B2076F1853B256EF6A,SHA256=65DEEF4662E3A57869EF44A216B4E72A47AD2B1AE2B1ECF2BA927B9B0EE86A5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.192{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=EEB35E9C8273CA42177EBB960E451187,SHA256=771A15DEA5E3284F06A7B9896547B7AC9CA8E219D94E203F3FF5C830FDCCF808,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:39.192{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=983D02A6AC6A156E3FB5FC74DA7E6EF2,SHA256=95FB696D5026FE26779925100B5E92DAC203A7A14ACCE4566B3C48D9457E3C4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:40.637{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:40.299{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D826B0664D41DD0E167B8C7B3CA38F76,SHA256=986C2B2399CE7B65B11A08A9B43F756A635D3CE147DAB407762EFBD6DDC07C4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213881Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:40.401{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1306A71BA0A3C6B63E586B524F705FF1,SHA256=8F96442F6BE0CFCA05848A5238F1CA108F26EFA48774D8A880CAC6B03F630CED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:41.315{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E55A7D859DE5DFD6A8C321BC073A685,SHA256=83A396485F3A61D0BEF7CE1BB1E84110D8BCA7E27386877DD697BEE47E440F93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213883Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:41.401{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07470F398E2AC35D1E6691C47DB3B2B8,SHA256=FEF8AF059E4D66C053B0DC5FAE9E3A4BB02E57BB04DB4E5B7256BAEE5BD4CE9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213882Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:37.601{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50029-false10.0.1.12-8000- 23542300x8000000000000000213884Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:42.416{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB1E5D81C53E0FC1A7E5EF8CAF69AB88,SHA256=893ADD3E6B51D21E78067A51A4D8958439595F45AD8FCBF4577C7B03107FA925,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:40.537{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64861-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000238834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:42.333{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D01D7A0757A04053C1F89402F7286254,SHA256=5D5F604EC3C3D750C39D6D759EF160577E80F1C03A8EC39684402411F4BB71F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213885Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:43.573{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7853076E7640218370F8962E4A38FA44,SHA256=3877597D07A4983D5C22FB62DC7C5682D898F6EEC3FA1E19DF1755BF417677D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000238837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:42.106{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64862-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000238836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:43.351{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=597C7960594E795452BF6B62F0914F22,SHA256=343C20B1937901931723A09C5AB92028112A7E049E03A829B9AEE87157389D19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213886Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:44.573{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=415CC4FEDD80C867431EAC874948C2ED,SHA256=34A0AEDF7BD6789014145EB3020261B5A77B9581C21799A9C945B767B1590E0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:44.366{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EE8BE0FE7E864D9F55143A13A0844DB,SHA256=35DABDA11D4022AA53B8FC81B89C6CAB78FF4D600AD5A065842C5A64AD441E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213888Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:45.901{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213887Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:45.620{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74367B2B63DBF89D8A42575ECF98C172,SHA256=5484FF926E70E04EF9E0330547255E4456C90D36CE962E0C5DF6B2095D55A042,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.382{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF2F5DCBD6227A4600A89902A1A21373,SHA256=A54003581892157D86C2C0D20D795657DFFA63D7027FD8FD68A9E9F1CBFB1F44,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.366{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9301-00000000FD01}6364C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:45.350{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E7B3-615E-9401-00000000FD01}3360C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213890Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:46.698{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5773EC1169175E885475BAC2420F3327,SHA256=257D04BB43A53922106CD71485D57E30DFE91CDC54FAE8AA224429080DF53EB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:46.396{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB3664232DF411EC54D8607562277CE5,SHA256=94020B6E47D41761F16992E62F63EABDA4DFADCCC18EAC454C72BE6A1A53A3E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213889Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:42.757{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50030-false10.0.1.12-8000- 10341000x8000000000000000238849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:46.312{6EDEAD03-E412-615E-EE00-00000000FD01}49642088C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:46.296{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:46.296{6EDEAD03-E412-615E-EE00-00000000FD01}49644372C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000238875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.917{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86640CB1798D1A478D536A6231E50036,SHA256=96B3A1A563B85A376CB9FDD89CEF187E497C3346D01AF485F2583DDB158562B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000238874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.616{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.553{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.553{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000213904Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.713{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB68EAD7B7F0BBB56640FCBE4AFCE2BF,SHA256=9FA5DA551C85AEE6A9551DFA1A00C3F52A63AE1D1A133BED7C9E9A0641623021,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213903Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E7FF-615E-4F01-00000000FE01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213902Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213901Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213900Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213899Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213898Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213897Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213896Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213895Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213894Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213893Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E7FF-615E-4F01-00000000FE01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213892Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.354{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E7FF-615E-4F01-00000000FE01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213891Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.355{49C67628-E7FF-615E-4F01-00000000FE01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000238871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.237{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.237{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.237{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.233{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000238867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000238862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.214{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39|C:\Program Files\Mozilla Firefox\xul.dll+e5595f 10341000x8000000000000000238857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000238856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000238855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000238854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.199{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000238853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.082{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000238852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.066{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000238851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.066{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 23542300x8000000000000000213922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.776{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F14F81BB24F8F8ECD63AF76CBE15E1C,SHA256=06A4ED0FA5765EE9FFFFE828B5002E2A38A8C9D057866188994ED390582B1AA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000238876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.559{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=475A6EC91B317ECF78566A815D02BB77,SHA256=639531A799563570A83D2DC635073446B7B5087B29C63BB404C54AC7A3B46B71,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.589{49C67628-E800-615E-5001-00000000FE01}36163380C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000213920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:44.461{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50031-false10.0.1.12-8089- 23542300x8000000000000000213919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=39893BDB03F1CCAF66840C88C1E4FEC9,SHA256=07E5BA68BEF6527EFA53E680A5C7457DFC08CA717B2D47B205420B336FEB15F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF417BD5CCA14A1B2FD0BFC0B246B044,SHA256=A1B1274BBEB4DF2FD56237FB18ADB2A39C9C05EB1022322897D671EAD1E75971,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E800-615E-5001-00000000FE01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213908Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213907Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E800-615E-5001-00000000FE01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213906Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.432{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E800-615E-5001-00000000FE01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213905Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:48.433{49C67628-E800-615E-5001-00000000FE01}3616C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.279{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64866-false185.150.190.192-443https 354300x8000000000000000238883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.093{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64865-false185.150.190.192-80http 354300x8000000000000000238882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.092{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64864-false185.150.190.192-80http 23542300x8000000000000000238881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.568{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C0549154600026ED884FE8D88C0AF09,SHA256=CC7769336AA2CE8E1E555E01AA0B5ECB9162BF9833734EB2356353CAE77ED902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.432{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=39893BDB03F1CCAF66840C88C1E4FEC9,SHA256=07E5BA68BEF6527EFA53E680A5C7457DFC08CA717B2D47B205420B336FEB15F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E801-615E-5101-00000000FE01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E801-615E-5101-00000000FE01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.104{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E801-615E-5101-00000000FE01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.105{49C67628-E801-615E-5101-00000000FE01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000238880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.006{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51224- 354300x8000000000000000238879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.996{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64863-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000238878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.996{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51908- 354300x8000000000000000238877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:47.977{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51908- 23542300x8000000000000000213939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:50.995{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F485C8B37EFF94A8449B971B63E12C3A,SHA256=09597249AB7EBADEBC81EBC5223B6D664784C0F82A575B077144C937F6DCE402,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000213938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:47.789{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50032-false10.0.1.12-8000- 23542300x8000000000000000213937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:49.995{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65D8DB937A1F8A99E9F5081C1B8BA839,SHA256=51B60E966D984F49C78D57AC48E09E2FEC1660069FE9995CB1FBAFABC5EA360D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.888{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.888{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.887{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.887{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.839{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 354300x8000000000000000239132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.661{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-65498- 354300x8000000000000000239131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.660{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55462- 354300x8000000000000000239130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.658{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58284- 354300x8000000000000000239129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.641{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57470- 354300x8000000000000000239128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.641{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58745- 354300x8000000000000000239127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.641{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50949- 354300x8000000000000000239126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.640{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64896-false141.193.213.20-443https 354300x8000000000000000239125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.639{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55698- 354300x8000000000000000239124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.638{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59157- 354300x8000000000000000239123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55680- 354300x8000000000000000239122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49976- 354300x8000000000000000239121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58531- 354300x8000000000000000239120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56487- 354300x8000000000000000239119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.633{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55462- 354300x8000000000000000239118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.633{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60609- 354300x8000000000000000239117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.632{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58284- 354300x8000000000000000239116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.631{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60984- 354300x8000000000000000239115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.629{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57314- 354300x8000000000000000239114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.578{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64894-false151.101.114.137-443https 354300x8000000000000000239113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.578{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64893-false13.225.87.106server-13-225-87-106.fra2.r.cloudfront.net443https 354300x8000000000000000239112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.577{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54926-false172.67.176.45-443https 354300x8000000000000000239111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.566{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64888-false188.120.242.106-443https 354300x8000000000000000239110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.560{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64892-false172.67.73.206-443https 354300x8000000000000000239109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.553{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64890-false142.250.184.193fra24s11-in-f1.1e100.net443https 354300x8000000000000000239108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.553{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64891-false104.26.4.190-443https 354300x8000000000000000239107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.552{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64889-false172.67.215.136-443https 354300x8000000000000000239106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.548{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54925- 354300x8000000000000000239105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.547{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57515- 354300x8000000000000000239104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.544{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55618- 354300x8000000000000000239103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.543{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58178- 354300x8000000000000000239102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.541{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53716- 354300x8000000000000000239101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58938- 354300x8000000000000000239100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57268- 354300x8000000000000000239099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50565- 354300x8000000000000000239098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.539{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60388- 354300x8000000000000000239097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.539{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58771- 354300x8000000000000000239096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.531{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52668- 354300x8000000000000000239095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60670- 354300x8000000000000000239094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61369- 354300x8000000000000000239093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50359- 354300x8000000000000000239092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.529{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50747- 354300x8000000000000000239091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.529{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64887-false18.66.92.211-443https 354300x8000000000000000239090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.523{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55400- 354300x8000000000000000239089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.522{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56410- 354300x8000000000000000239088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.522{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57839- 354300x8000000000000000239087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.522{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50284- 354300x8000000000000000239086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.517{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59861- 354300x8000000000000000239085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.516{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64886-false13.224.193.55server-13-224-193-55.fra2.r.cloudfront.net443https 354300x8000000000000000239084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.508{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49237- 354300x8000000000000000239083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.501{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58834- 354300x8000000000000000239082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.495{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52767- 354300x8000000000000000239081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.494{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58126- 354300x8000000000000000239080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.486{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51028- 354300x8000000000000000239079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.486{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51034- 354300x8000000000000000239078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.482{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64885-false172.67.74.59-443https 354300x8000000000000000239077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.482{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58073- 354300x8000000000000000239076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.481{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60734- 354300x8000000000000000239075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.481{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49967- 354300x8000000000000000239074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.477{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60523- 354300x8000000000000000239073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.477{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57290- 354300x8000000000000000239072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.476{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54889- 354300x8000000000000000239071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.473{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55673- 354300x8000000000000000239070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.467{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52996- 354300x8000000000000000239069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.467{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55397- 354300x8000000000000000239068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.466{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58976- 354300x8000000000000000239067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.461{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51034- 354300x8000000000000000239066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.460{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57260- 354300x8000000000000000239065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.455{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60734- 354300x8000000000000000239064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.452{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56571- 354300x8000000000000000239063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.451{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-51321- 354300x8000000000000000239062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.446{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58766- 354300x8000000000000000239061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.443{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64881-false217.160.0.62217-160-0-62.elastic-ssl.ui-r.com443https 354300x8000000000000000239060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.442{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64884-false151.101.112.193-443https 354300x8000000000000000239059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.441{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64883-false104.21.73.196-443https 354300x8000000000000000239058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.441{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64882-false151.101.112.193-443https 354300x8000000000000000239057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.441{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64877-false85.25.213.73gallery.yopriceville.com443https 354300x8000000000000000239056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.441{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64878-false142.250.184.193fra24s11-in-f1.1e100.net443https 354300x8000000000000000239055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.440{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64880-false172.67.176.45-443https 354300x8000000000000000239054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.440{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64879-false18.66.92.211-443https 354300x8000000000000000239053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.438{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57545- 354300x8000000000000000239052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.438{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-65500- 354300x8000000000000000239051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.428{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56893- 354300x8000000000000000239050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.427{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51321- 354300x8000000000000000239049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.423{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56391- 354300x8000000000000000239048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.422{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56623- 354300x8000000000000000239047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.422{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51213- 354300x8000000000000000239046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.419{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60268- 354300x8000000000000000239045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.419{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60250- 354300x8000000000000000239044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.416{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60437- 10341000x8000000000000000239043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.744{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.744{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.743{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000239040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.676{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=798A01BDCE261A9FEF0564396FB879AA,SHA256=D1A74B890FE5A5ABFD4B3560022BF3A3923D95C968D7AD545FEEF8A80005C966,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.656{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.641{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.621{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.412{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65500- 354300x8000000000000000239035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.412{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57545- 354300x8000000000000000239034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.410{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65499- 354300x8000000000000000239033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.409{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50755- 354300x8000000000000000239032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.408{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60563- 354300x8000000000000000239031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.408{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65498- 354300x8000000000000000239030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.402{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64876-false13.225.83.163server-13-225-83-163.fra2.r.cloudfront.net443https 354300x8000000000000000239029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.402{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58831- 354300x8000000000000000239028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.402{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53374- 354300x8000000000000000239027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.402{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64875-false104.26.4.228-443https 354300x8000000000000000239026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.401{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58120- 354300x8000000000000000239025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.401{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50335- 354300x8000000000000000239024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.394{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60268- 354300x8000000000000000239023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.394{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60250- 354300x8000000000000000239022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.392{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57326- 354300x8000000000000000239021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.391{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53103- 354300x8000000000000000239020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.390{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52625- 354300x8000000000000000239019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.370{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53527-false142.250.185.106fra16s49-in-f10.1e100.net443https 354300x8000000000000000239018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.368{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59954- 354300x8000000000000000239017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.362{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53526- 354300x8000000000000000239016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.353{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local52396-false142.250.185.232fra16s53-in-f8.1e100.net443https 354300x8000000000000000239015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.349{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local52395-false172.67.140.13-443https 354300x8000000000000000239014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.336{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64874-false142.250.186.67fra24s05-in-f3.1e100.net80http 354300x8000000000000000239013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.287{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52394- 354300x8000000000000000239012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.282{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55244- 354300x8000000000000000239011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.248{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64873-false142.250.185.232fra16s53-in-f8.1e100.net443https 354300x8000000000000000239010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.247{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64872-false172.67.140.13-443https 354300x8000000000000000239009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.246{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64871-false172.67.140.13-443https 354300x8000000000000000239008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.246{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64869-false172.67.140.13-443https 354300x8000000000000000239007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.244{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64870-false172.67.140.13-443https 354300x8000000000000000239006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.233{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58067- 354300x8000000000000000239005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.233{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57425- 354300x8000000000000000239004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.233{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59096- 354300x8000000000000000239003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.227{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-49932- 354300x8000000000000000239002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.227{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58018- 354300x8000000000000000239001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.227{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64868-false142.250.185.106fra16s49-in-f10.1e100.net443https 354300x8000000000000000239000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.227{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54888- 354300x8000000000000000238999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.226{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58205- 354300x8000000000000000238998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.212{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56270- 354300x8000000000000000238997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.212{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56685- 354300x8000000000000000238996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.210{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64867-false13.32.121.122server-13-32-121-122.fra60.r.cloudfront.net443https 354300x8000000000000000238995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.209{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49932- 354300x8000000000000000238994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.206{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54434- 354300x8000000000000000238993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.202{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58018- 354300x8000000000000000238992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.200{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55788- 10341000x8000000000000000238991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.447{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.442{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.441{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.307{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.301{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.300{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.298{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.298{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.298{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.298{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000238979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.294{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000238978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.649{6EDEAD03-E420-615E-0601-00000000FD01}6016gstaticadssl.l.google.com0216.58.212.131;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.648{6EDEAD03-E420-615E-0601-00000000FD01}6016futurity.org0128.151.77.219;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.646{6EDEAD03-E420-615E-0601-00000000FD01}6016www.futurity.org0type: 5 futurity.org;::ffff:128.151.77.219;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.644{6EDEAD03-E420-615E-0601-00000000FD01}6016proxy1.frontrunnerpro.com098.129.167.1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.643{6EDEAD03-E420-615E-0601-00000000FD01}6016www.lassahnfuneralhomes.com0type: 5 proxy1.frontrunnerpro.com;::ffff:98.129.167.1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.560{6EDEAD03-E420-615E-0601-00000000FD01}6016k.sni.global.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.556{6EDEAD03-E420-615E-0601-00000000FD01}6016k.sni.global.fastly.net0151.101.114.137;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.556{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.engine.4dsply.com02606:4700::6810:9f11;2606:4700::6810:9e11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.556{6EDEAD03-E420-615E-0601-00000000FD01}6016player.ex.co0type: 5 k.sni.global.fastly.net;::ffff:151.101.114.137;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.556{6EDEAD03-E420-615E-0601-00000000FD01}6016test.quantcast.mgr.consensu.org02600:9000:225e:2e00:3:a4cd:8380:93a1;2600:9000:225e:1400:3:a4cd:8380:93a1;2600:9000:225e:a600:3:a4cd:8380:93a1;2600:9000:225e:ba00:3:a4cd:8380:93a1;2600:9000:225e:800:3:a4cd:8380:93a1;2600:9000:225e:3c00:3:a4cd:8380:93a1;2600:9000:225e:b800:3:a4cd:8380:93a1;2600:9000:225e:ec00:3:a4cd:8380:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.553{6EDEAD03-E420-615E-0601-00000000FD01}6016d23p84anwf0tgh.cloudfront.net02600:9000:2251:9a00:1f:c89d:840:93a1;2600:9000:2251:8200:1f:c89d:840:93a1;2600:9000:2251:a200:1f:c89d:840:93a1;2600:9000:2251:1c00:1f:c89d:840:93a1;2600:9000:2251:b000:1f:c89d:840:93a1;2600:9000:2251:8a00:1f:c89d:840:93a1;2600:9000:2251:bc00:1f:c89d:840:93a1;2600:9000:2251:f000:1f:c89d:840:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.552{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.engine.4dsply.com0104.16.159.17;104.16.158.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.551{6EDEAD03-E420-615E-0601-00000000FD01}6016a1887.dscq.akamai.net02a02:26f0:1700:f::1737:a194;2a02:26f0:1700:f::1737:a1a4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.551{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.engine.4dsply.com0::ffff:104.16.158.17;::ffff:104.16.159.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.549{6EDEAD03-E420-615E-0601-00000000FD01}6016test.quantcast.mgr.consensu.org013.225.87.110;13.225.87.32;13.225.87.125;13.225.87.106;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.549{6EDEAD03-E420-615E-0601-00000000FD01}6016a1887.dscq.akamai.net02.22.118.146;2.22.118.162;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.548{6EDEAD03-E420-615E-0601-00000000FD01}6016d23p84anwf0tgh.cloudfront.net013.32.99.34;13.32.99.63;13.32.99.19;13.32.99.56;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.548{6EDEAD03-E420-615E-0601-00000000FD01}6016jsc.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.548{6EDEAD03-E420-615E-0601-00000000FD01}6016community-assets.home-assistant.io02606:4700:20::ac43:445a;2606:4700:20::681a:5ee;2606:4700:20::681a:4ee;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.543{6EDEAD03-E420-615E-0601-00000000FD01}6016en.metal-tracker.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.541{6EDEAD03-E420-615E-0601-00000000FD01}6016test.quantcast.mgr.consensu.org0::ffff:13.225.87.106;::ffff:13.225.87.110;::ffff:13.225.87.32;::ffff:13.225.87.125;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.540{6EDEAD03-E420-615E-0601-00000000FD01}6016community-assets.home-assistant.io0104.26.5.238;104.26.4.238;172.67.68.90;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.539{6EDEAD03-E420-615E-0601-00000000FD01}6016jsc.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.538{6EDEAD03-E420-615E-0601-00000000FD01}6016cbslocal.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.538{6EDEAD03-E420-615E-0601-00000000FD01}6016d3inagkmqs1m6q.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.538{6EDEAD03-E420-615E-0601-00000000FD01}6016r3.o.lencr.org0type: 5 o.lencr.edgesuite.net;type: 5 a1887.dscq.akamai.net;::ffff:2.22.118.162;::ffff:2.22.118.146;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.531{6EDEAD03-E420-615E-0601-00000000FD01}6016en.metal-tracker.com092.63.104.16;188.120.240.253;188.120.242.106;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E420-615E-0601-00000000FD01}6016d3inagkmqs1m6q.cloudfront.net013.224.193.96;13.224.193.129;13.224.193.40;13.224.193.55;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.530{6EDEAD03-E420-615E-0601-00000000FD01}6016communities.bentley.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.529{6EDEAD03-E420-615E-0601-00000000FD01}6016cbslocal.com0192.0.66.136;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.525{6EDEAD03-E420-615E-0601-00000000FD01}6016www.stgeorgeutah.com02606:4700:20::681a:abd;2606:4700:20::ac43:49ce;2606:4700:20::681a:bbd;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.525{6EDEAD03-E420-615E-0601-00000000FD01}6016trickbd.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.516{6EDEAD03-E420-615E-0601-00000000FD01}6016trickbd.com0104.21.35.73;172.67.215.136;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.515{6EDEAD03-E420-615E-0601-00000000FD01}6016communities.bentley.com045.60.31.181;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.514{6EDEAD03-E420-615E-0601-00000000FD01}6016barbadostoday.bb9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.505{6EDEAD03-E420-615E-0601-00000000FD01}6016www.stgeorgeutah.com0104.26.11.189;104.26.10.189;172.67.73.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.504{6EDEAD03-E420-615E-0601-00000000FD01}6016cimg4.ibsrv.net02606:4700:3030::6815:49c4;2606:4700:3033::ac43:94cb;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.500{6EDEAD03-E420-615E-0601-00000000FD01}6016de8zxmid6wwpr.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.500{6EDEAD03-E420-615E-0601-00000000FD01}6016b.dmlimg.com0type: 5 d23p84anwf0tgh.cloudfront.net;::ffff:13.32.99.56;::ffff:13.32.99.34;::ffff:13.32.99.63;::ffff:13.32.99.19;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.498{6EDEAD03-E420-615E-0601-00000000FD01}6016barbadostoday.bb0141.193.213.21;141.193.213.20;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.496{6EDEAD03-E420-615E-0601-00000000FD01}6016augustacrime.com02606:4700:20::681a:425;2606:4700:20::681a:525;2606:4700:20::ac43:4a3b;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.495{6EDEAD03-E420-615E-0601-00000000FD01}6016de8zxmid6wwpr.cloudfront.net013.35.253.7;13.35.253.37;13.35.253.34;13.35.253.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.492{6EDEAD03-E420-615E-0601-00000000FD01}6016fabwags.com02606:4700:20::681a:4be;2606:4700:20::681a:5be;2606:4700:20::ac43:4605;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.491{6EDEAD03-E420-615E-0601-00000000FD01}6016augustacrime.com0104.26.5.37;104.26.4.37;172.67.74.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.488{6EDEAD03-E420-615E-0601-00000000FD01}6016busyteacher.org02606:4700:3032::ac43:b02d;2606:4700:3035::6815:1f5f;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.487{6EDEAD03-E420-615E-0601-00000000FD01}6016jsc.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.486{6EDEAD03-E420-615E-0601-00000000FD01}6016cimg4.ibsrv.net0172.67.148.203;104.21.73.196;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.486{6EDEAD03-E420-615E-0601-00000000FD01}6016fabwags.com0104.26.5.190;172.67.70.5;104.26.4.190;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.484{6EDEAD03-E420-615E-0601-00000000FD01}6016ipv4.imgur.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.483{6EDEAD03-E420-615E-0601-00000000FD01}6016vbrichclient.com02001:8d8:100f:f000::211;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.482{6EDEAD03-E420-615E-0601-00000000FD01}6016vbrichclient.com0217.160.0.62;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.481{6EDEAD03-E420-615E-0601-00000000FD01}6016ipv4.imgur.map.fastly.net0151.101.112.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.481{6EDEAD03-E420-615E-0601-00000000FD01}6016busyteacher.org0104.21.31.95;172.67.176.45;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.480{6EDEAD03-E420-615E-0601-00000000FD01}6016community-assets.home-assistant.io0::ffff:172.67.68.90;::ffff:104.26.5.238;::ffff:104.26.4.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.480{6EDEAD03-E420-615E-0601-00000000FD01}6016en.metal-tracker.com0::ffff:188.120.242.106;::ffff:92.63.104.16;::ffff:188.120.240.253;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.480{6EDEAD03-E420-615E-0601-00000000FD01}6016d3trabu2dfbdfb.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.476{6EDEAD03-E420-615E-0601-00000000FD01}6016d3trabu2dfbdfb.cloudfront.net018.66.92.119;18.66.92.167;18.66.92.144;18.66.92.211;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.475{6EDEAD03-E420-615E-0601-00000000FD01}6016assets.suredone.com0type: 5 d3inagkmqs1m6q.cloudfront.net;::ffff:13.224.193.55;::ffff:13.224.193.96;::ffff:13.224.193.129;::ffff:13.224.193.40;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.472{6EDEAD03-E420-615E-0601-00000000FD01}6016philadelphia.cbslocal.com0type: 5 cbslocal.com;::ffff:192.0.66.136;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.472{6EDEAD03-E420-615E-0601-00000000FD01}6016communities.bentley.com0::ffff:45.60.31.181;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.469{6EDEAD03-E420-615E-0601-00000000FD01}6016www.stgeorgeutah.com0::ffff:172.67.73.206;::ffff:104.26.11.189;::ffff:104.26.10.189;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.468{6EDEAD03-E420-615E-0601-00000000FD01}6016trickbd.com0::ffff:172.67.215.136;::ffff:104.21.35.73;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.463{6EDEAD03-E420-615E-0601-00000000FD01}6016barbadostoday.bb0::ffff:141.193.213.20;::ffff:141.193.213.21;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.460{6EDEAD03-E420-615E-0601-00000000FD01}6016h30434.www3.hp.com0type: 5 psg.lithium.com;type: 5 de8zxmid6wwpr.cloudfront.net;::ffff:13.35.253.80;::ffff:13.35.253.7;::ffff:13.35.253.37;::ffff:13.35.253.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.454{6EDEAD03-E420-615E-0601-00000000FD01}6016augustacrime.com0::ffff:172.67.74.59;::ffff:104.26.5.37;::ffff:104.26.4.37;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.454{6EDEAD03-E420-615E-0601-00000000FD01}6016photos-ugc.l.googleusercontent.com02a00:1450:4001:812::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.454{6EDEAD03-E420-615E-0601-00000000FD01}60161.bp.blogspot.com0type: 5 photos-ugc.l.googleusercontent.com;::ffff:142.250.184.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.450{6EDEAD03-E420-615E-0601-00000000FD01}6016fabwags.com0::ffff:104.26.4.190;::ffff:104.26.5.190;::ffff:172.67.70.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.435{6EDEAD03-E420-615E-0601-00000000FD01}6016cimg4.ibsrv.net0::ffff:104.21.73.196;::ffff:172.67.148.203;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.435{6EDEAD03-E420-615E-0601-00000000FD01}6016i.imgur.com0type: 5 ipv4.imgur.map.fastly.net;::ffff:151.101.112.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.432{6EDEAD03-E420-615E-0601-00000000FD01}6016photos-ugc.l.googleusercontent.com0142.250.184.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.430{6EDEAD03-E420-615E-0601-00000000FD01}6016busyteacher.org0::ffff:172.67.176.45;::ffff:104.21.31.95;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.430{6EDEAD03-E420-615E-0601-00000000FD01}6016d3trabu2dfbdfb.cloudfront.net0::ffff:18.66.92.211;::ffff:18.66.92.119;::ffff:18.66.92.167;::ffff:18.66.92.144;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.430{6EDEAD03-E420-615E-0601-00000000FD01}6016vbrichclient.com0::ffff:217.160.0.62;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.423{6EDEAD03-E420-615E-0601-00000000FD01}6016gallery.yopriceville.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.420{6EDEAD03-E420-615E-0601-00000000FD01}60163.bp.blogspot.com0type: 5 photos-ugc.l.googleusercontent.com;::ffff:142.250.184.193;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.420{6EDEAD03-E420-615E-0601-00000000FD01}6016sarkariyojana.com02606:4700:20::681a:5e4;2606:4700:20::ac43:4978;2606:4700:20::681a:4e4;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.417{6EDEAD03-E420-615E-0601-00000000FD01}6016d3j7xsc0vda5xv.cloudfront.net02600:9000:2240:fe00:0:5a51:64c9:c681;2600:9000:2240:cc00:0:5a51:64c9:c681;2600:9000:2240:d200:0:5a51:64c9:c681;2600:9000:2240:ce00:0:5a51:64c9:c681;2600:9000:2240:de00:0:5a51:64c9:c681;2600:9000:2240:3600:0:5a51:64c9:c681;2600:9000:2240:2c00:0:5a51:64c9:c681;2600:9000:2240:c000:0:5a51:64c9:c681;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.413{6EDEAD03-E420-615E-0601-00000000FD01}6016gallery.yopriceville.com085.25.213.73;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.412{6EDEAD03-E420-615E-0601-00000000FD01}6016gallery.yopriceville.com0::ffff:85.25.213.73;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.411{6EDEAD03-E420-615E-0601-00000000FD01}6016d3j7xsc0vda5xv.cloudfront.net013.225.83.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.411{6EDEAD03-E420-615E-0601-00000000FD01}6016sarkariyojana.com0104.26.5.228;172.67.73.120;104.26.4.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.409{6EDEAD03-E420-615E-0601-00000000FD01}6016c8.staticflickr.com0type: 5 d3j7xsc0vda5xv.cloudfront.net;::ffff:13.225.83.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.409{6EDEAD03-E420-615E-0601-00000000FD01}6016sarkariyojana.com0::ffff:104.26.4.228;::ffff:104.26.5.228;::ffff:172.67.73.120;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.246{6EDEAD03-E420-615E-0601-00000000FD01}6016www.rssing.com02606:4700:3032::6815:5ed0;2606:4700:3032::ac43:8c0d;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.246{6EDEAD03-E420-615E-0601-00000000FD01}6016www-googletagmanager.l.google.com02a00:1450:4001:80e::2008;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.242{6EDEAD03-E420-615E-0601-00000000FD01}6016www.rssing.com0172.67.140.13;104.21.94.208;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.237{6EDEAD03-E420-615E-0601-00000000FD01}6016www.rssing.com0::ffff:172.67.140.13;::ffff:104.21.94.208;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.236{6EDEAD03-E420-615E-0601-00000000FD01}6016quantcast.mgr.consensu.org02600:9000:2240:1800:9:46dc:4700:93a1;2600:9000:2240:1400:9:46dc:4700:93a1;2600:9000:2240:6c00:9:46dc:4700:93a1;2600:9000:2240:f000:9:46dc:4700:93a1;2600:9000:2240:e00:9:46dc:4700:93a1;2600:9000:2240:3a00:9:46dc:4700:93a1;2600:9000:2240:8c00:9:46dc:4700:93a1;2600:9000:2240:1e00:9:46dc:4700:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.221{6EDEAD03-E420-615E-0601-00000000FD01}6016quantcast.mgr.consensu.org013.32.121.65;13.32.121.100;13.32.121.44;13.32.121.122;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.215{6EDEAD03-E420-615E-0601-00000000FD01}6016quantcast.mgr.consensu.org0::ffff:13.32.121.122;::ffff:13.32.121.65;::ffff:13.32.121.100;::ffff:13.32.121.44;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.023{6EDEAD03-E420-615E-0601-00000000FD01}6016managed670.rssing.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.015{6EDEAD03-E420-615E-0601-00000000FD01}6016managed670.rssing.com0185.150.190.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000238885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:48.014{6EDEAD03-E420-615E-0601-00000000FD01}6016managed670.rssing.com0::ffff:185.150.190.192;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000239214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.980{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.974{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.814{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 354300x8000000000000000239211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.660{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54888- 354300x8000000000000000239210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.659{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58122- 354300x8000000000000000239209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.638{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65501- 354300x8000000000000000239208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58229- 354300x8000000000000000239207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50847- 354300x8000000000000000239206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55862- 354300x8000000000000000239205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52182- 354300x8000000000000000239204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.634{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58122- 354300x8000000000000000239203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.633{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52083- 354300x8000000000000000239202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.632{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61357- 354300x8000000000000000239201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.616{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64914-false54.145.239.115ec2-54-145-239-115.compute-1.amazonaws.com443https 354300x8000000000000000239200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50664- 354300x8000000000000000239199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.529{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56370- 354300x8000000000000000239198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.524{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50908- 23542300x8000000000000000239197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.731{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=570301C15F32B8960921485D746B0BD4,SHA256=8280E057FB7A3EC1DF6667A3D4C75CA0A02F91A2A12F57E976ABE9244DBA7A13,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.628{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.626{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E803-615E-5301-00000000FE01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E803-615E-5301-00000000FE01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.854{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E803-615E-5301-00000000FE01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213954Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.855{49C67628-E803-615E-5301-00000000FE01}3340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000213953Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.432{49C67628-E803-615E-5201-00000000FE01}34203860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213952Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E803-615E-5201-00000000FE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213951Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213950Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213949Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213948Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213947Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213946Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213945Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213944Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E803-615E-5201-00000000FE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.182{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E803-615E-5201-00000000FE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:51.183{49C67628-E803-615E-5201-00000000FE01}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000239194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.623{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.623{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.388{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55505- 354300x8000000000000000239191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.355{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57309-false216.58.212.131ams15s21-in-f131.1e100.net443https 354300x8000000000000000239190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.338{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64913-false157.90.33.68sub1.1push.io443https 354300x8000000000000000239189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.327{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57308-false172.67.68.90-443https 354300x8000000000000000239188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.322{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53948-false141.193.213.20-443https 354300x8000000000000000239187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.320{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64912-false142.250.186.67fra24s05-in-f3.1e100.net80http 354300x8000000000000000239186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.289{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57307- 354300x8000000000000000239185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.283{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64911-false151.139.128.14-80http 354300x8000000000000000239184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.273{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53947- 354300x8000000000000000239183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.252{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64910-false45.83.104.61eu1.getlark.com443https 354300x8000000000000000239182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.245{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53947- 354300x8000000000000000239181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.213{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61449- 354300x8000000000000000239180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.209{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55046- 354300x8000000000000000239179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.205{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60238- 10341000x8000000000000000239178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.485{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+22a8692|C:\Program Files\Mozilla Firefox\xul.dll+34b3fbc|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.324{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=405C0DEB7D0259067C566B4AE67C7DF2,SHA256=EFD9BE747B29ECF6DE0F3D71A5592DC9CF389B0B874F84650EE148F466991598,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.162{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54226- 354300x8000000000000000239175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.161{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50607- 354300x8000000000000000239174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.156{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64909-false2.22.118.162a2-22-118-162.deploy.static.akamaitechnologies.com80http 354300x8000000000000000239173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.026{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57475-false172.67.215.136-443https 354300x8000000000000000239172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.960{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57474-false104.26.4.190-443https 354300x8000000000000000239171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.949{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64908-false2.22.118.162a2-22-118-162.deploy.static.akamaitechnologies.com80http 354300x8000000000000000239170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.946{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57473-false142.250.184.193fra24s11-in-f1.1e100.net443https 23542300x8000000000000000239169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.202{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=927B98001EDC8286456D42F42D46C7E9,SHA256=626824C454CAF0F47C7334627746EDB9B377CAE4653A514EB18C6ABEE3BE617F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.171{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.715{6EDEAD03-E420-615E-0601-00000000FD01}6016www-google-analytics.l.google.com0142.250.186.78;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.542{6EDEAD03-E420-615E-0601-00000000FD01}6016prd-collector-anon.ex.co9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.538{6EDEAD03-E420-615E-0601-00000000FD01}6016prd-collector-anon.ex.co018.235.17.58;34.193.25.178;54.164.123.106;54.88.209.254;3.208.219.24;54.145.239.115;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.535{6EDEAD03-E420-615E-0601-00000000FD01}6016prd-collector-anon.ex.co0::ffff:54.145.239.115;::ffff:18.235.17.58;::ffff:34.193.25.178;::ffff:54.164.123.106;::ffff:54.88.209.254;::ffff:3.208.219.24;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.414{6EDEAD03-E420-615E-0601-00000000FD01}6016e4016.a.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.404{6EDEAD03-E420-615E-0601-00000000FD01}6016e4016.a.akamaiedge.net0104.75.88.126;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.313{6EDEAD03-E420-615E-0601-00000000FD01}6016system-notify.app9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.297{6EDEAD03-E420-615E-0601-00000000FD01}6016system-notify.app0157.90.33.72;157.90.33.68;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.296{6EDEAD03-E420-615E-0601-00000000FD01}6016system-notify.app0::ffff:157.90.33.68;::ffff:157.90.33.72;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.178{6EDEAD03-E420-615E-0601-00000000FD01}6016filmfestivals.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.171{6EDEAD03-E420-615E-0601-00000000FD01}6016filmfestivals.com045.83.104.61;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.169{6EDEAD03-E420-615E-0601-00000000FD01}6016www.filmfestivals.com0type: 5 filmfestivals.com;::ffff:45.83.104.61;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.778{6EDEAD03-E420-615E-0601-00000000FD01}6016proxy1.frontrunnerpro.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.740{6EDEAD03-E420-615E-0601-00000000FD01}6016futurity.org9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.652{6EDEAD03-E420-615E-0601-00000000FD01}6016gstaticadssl.l.google.com02a00:1450:4001:82f::2003;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.850{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64906-false216.58.212.131ams15s21-in-f131.1e100.net443https 354300x8000000000000000239151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.849{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64907-false216.58.212.131ams15s21-in-f131.1e100.net443https 354300x8000000000000000239150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.834{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57472-false172.67.74.59-443https 354300x8000000000000000239149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.803{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64898-false98.129.167.1-443https 354300x8000000000000000239148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.791{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64905-false2.22.118.162a2-22-118-162.deploy.static.akamaitechnologies.com80http 354300x8000000000000000239147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.764{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64899-false128.151.77.219-443https 354300x8000000000000000239146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.754{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64901-false172.67.68.90-443https 354300x8000000000000000239145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.754{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64904-false13.32.99.56server-13-32-99-56.fra60.r.cloudfront.net443https 354300x8000000000000000239144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.753{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64903-false13.32.99.56server-13-32-99-56.fra60.r.cloudfront.net443https 354300x8000000000000000239143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.753{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64902-false13.32.99.56server-13-32-99-56.fra60.r.cloudfront.net443https 354300x8000000000000000239142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.753{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64900-false192.0.66.136-443https 354300x8000000000000000239141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.739{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64895-false45.60.31.181-443https 354300x8000000000000000239140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.672{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64897-false142.250.184.193fra24s11-in-f1.1e100.net443https 354300x8000000000000000239139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.672{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57471-false104.21.73.196-443https 354300x8000000000000000239138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:49.665{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58745- 23542300x8000000000000000239326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.773{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=687F018B93783C4F3658E6A295676878,SHA256=E436532B1A5DB52BB19A563EE3F99431CFA1E40B9A2AF21053F21B7BB411CE1A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.671{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57336- 354300x8000000000000000239324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.642{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57336- 354300x8000000000000000239323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.642{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53894- 354300x8000000000000000239322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.642{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58615- 354300x8000000000000000239321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.641{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54167- 354300x8000000000000000239320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.638{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50628- 354300x8000000000000000239319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59764- 354300x8000000000000000239318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57512- 354300x8000000000000000239317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56152- 354300x8000000000000000239316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51599- 354300x8000000000000000239315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.585{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57710- 354300x8000000000000000239314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.582{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64937-false95.101.83.57a95-101-83-57.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.577{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60283- 354300x8000000000000000239312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.576{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60501- 23542300x8000000000000000239311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.754{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF5349C34A164A07A8CF9786BBB30304,SHA256=FA3693DC7684624E2EFCECC4DB53235F4A0490FAF6F19F54540F50A67679B56D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.511{49C67628-E804-615E-5401-00000000FE01}32083568C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000213982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.370{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86D99273AEA7669EC6C94671F5E4DBB9,SHA256=F5D30C8FD4F3250733821D74D1CE3503B6D7EAFCB90AA759D44009F65AE03403,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E804-615E-5401-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E804-615E-5401-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E804-615E-5401-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.355{49C67628-E804-615E-5401-00000000FE01}3208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.354{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51C342C89990D7312F0EDDC293025643,SHA256=57658F519B524D004780F7C0B482616E19D51A0D33CFD8624D48CE7A8BA43ECE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000213967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:52.090{49C67628-E803-615E-5301-00000000FE01}33401600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.363{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64935-false104.75.88.126a104-75-88-126.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.363{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64932-false104.16.158.17-443https 354300x8000000000000000239308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.363{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64931-false18.66.97.30-443https 354300x8000000000000000239307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.362{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64936-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.361{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64934-false104.75.88.126a104-75-88-126.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.361{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64933-false23.210.254.213a23-210-254-213.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.336{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58829- 354300x8000000000000000239303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.327{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52019- 354300x8000000000000000239302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.247{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49259- 354300x8000000000000000239301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.247{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52840- 354300x8000000000000000239300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.232{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51159- 354300x8000000000000000239299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.223{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58163- 354300x8000000000000000239298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.207{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58962- 354300x8000000000000000239297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.189{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64930-false104.101.101.199a104-101-101-199.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.188{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53465- 10341000x8000000000000000239295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.463{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.459{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.446{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.431{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.430{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.421{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.414{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.414{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.413{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.366{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.366{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.323{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.321{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.178{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50474- 354300x8000000000000000239281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.150{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51848- 354300x8000000000000000239280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.150{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64929-false52.222.250.154server-52-222-250-154.fra60.r.cloudfront.net80http 354300x8000000000000000239279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.149{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60315- 354300x8000000000000000239278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.145{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60224- 354300x8000000000000000239277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.031{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64925-false3.232.170.59ec2-3-232-170-59.compute-1.amazonaws.com443https 354300x8000000000000000239276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.021{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64928-false2.16.218.216a2-16-218-216.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.006{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64927-false2.16.218.216a2-16-218-216.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.005{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53089- 354300x8000000000000000239273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.005{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59934- 354300x8000000000000000239272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.997{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59981- 354300x8000000000000000239271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.971{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64926-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.970{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54977- 354300x8000000000000000239269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.967{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57646- 354300x8000000000000000239268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.942{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local58442-false142.250.74.194fra24s02-in-f2.1e100.net443https 354300x8000000000000000239267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.937{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58441- 10341000x8000000000000000239266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.100{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+1e56e50 22542200x8000000000000000239265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.601{6EDEAD03-E420-615E-0601-00000000FD01}6016track1.aniview.com0type: 5 tracking-1611167402.us-east-1.elb.amazonaws.com;::ffff:34.199.127.9;::ffff:34.201.197.184;::ffff:52.86.227.90;::ffff:52.73.70.207;::ffff:18.232.230.29;::ffff:34.225.64.38;::ffff:3.232.170.59;::ffff:34.196.151.221;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.592{6EDEAD03-E420-615E-0601-00000000FD01}6016e93115.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.585{6EDEAD03-E420-615E-0601-00000000FD01}6016e93115.g.akamaiedge.net095.101.83.171;95.101.83.57;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.584{6EDEAD03-E420-615E-0601-00000000FD01}6016mcd.ex.co0type: 5 mcd.ex.co.edgekey.net;type: 5 e93115.g.akamaiedge.net;::ffff:95.101.83.57;::ffff:95.101.83.171;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.349{6EDEAD03-E420-615E-0601-00000000FD01}6016e13136.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.346{6EDEAD03-E420-615E-0601-00000000FD01}6016e13136.g.akamaiedge.net023.210.254.213;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.343{6EDEAD03-E420-615E-0601-00000000FD01}6016v1.addthisedge.com0type: 5 v1.addthisedge.com.edgekey.net;type: 5 e4016.a.akamaiedge.net;::ffff:104.75.88.126;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.264{6EDEAD03-E420-615E-0601-00000000FD01}6016engine.4dsply.com02606:4700::6810:9e11;2606:4700::6810:9f11;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.256{6EDEAD03-E420-615E-0601-00000000FD01}6016engine.4dsply.com0104.16.159.17;104.16.158.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.255{6EDEAD03-E420-615E-0601-00000000FD01}6016engine.4dsply.com0::ffff:104.16.158.17;::ffff:104.16.159.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.239{6EDEAD03-E420-615E-0601-00000000FD01}6016d2fashanjl7d9f.cloudfront.net02600:9000:223c:ac00:6:44e3:f8c0:93a1;2600:9000:223c:5000:6:44e3:f8c0:93a1;2600:9000:223c:a600:6:44e3:f8c0:93a1;2600:9000:223c:8200:6:44e3:f8c0:93a1;2600:9000:223c:7e00:6:44e3:f8c0:93a1;2600:9000:223c:f400:6:44e3:f8c0:93a1;2600:9000:223c:c000:6:44e3:f8c0:93a1;2600:9000:223c:6400:6:44e3:f8c0:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.231{6EDEAD03-E420-615E-0601-00000000FD01}6016d2fashanjl7d9f.cloudfront.net018.66.97.81;18.66.97.31;18.66.97.52;18.66.97.30;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.203{6EDEAD03-E420-615E-0601-00000000FD01}6016e11385.dscd.akamaiedge.net02a02:26f0:d6:4b5::2c79;2a02:26f0:d6:49d::2c79;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.198{6EDEAD03-E420-615E-0601-00000000FD01}6016e11385.dscd.akamaiedge.net0104.101.101.199;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.195{6EDEAD03-E420-615E-0601-00000000FD01}6016player.aniview.com0type: 5 wildcard.aniview.com.edgekey.net;type: 5 e11385.dscd.akamaiedge.net;::ffff:104.101.101.199;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.029{6EDEAD03-E420-615E-0601-00000000FD01}6016e16009.dscd.akamaiedge.net02a02:26f0:1700:7::17d5:a1cb;2a02:26f0:1700:7::17d5:a1ce;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.014{6EDEAD03-E420-615E-0601-00000000FD01}6016e16009.dscd.akamaiedge.net02.16.218.67;2.16.218.216;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.012{6EDEAD03-E420-615E-0601-00000000FD01}6016player.avplayer.com0type: 5 player.avplayer.com.edgekey.net;type: 5 e16009.dscd.akamaiedge.net;::ffff:2.16.218.216;::ffff:2.16.218.67;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.956{6EDEAD03-E420-615E-0601-00000000FD01}6016tracking-1611167402.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.952{6EDEAD03-E420-615E-0601-00000000FD01}6016tracking-1611167402.us-east-1.elb.amazonaws.com034.196.151.221;34.199.127.9;34.201.197.184;52.86.227.90;52.73.70.207;18.232.230.29;34.225.64.38;3.232.170.59;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.951{6EDEAD03-E420-615E-0601-00000000FD01}6016atrack.avplayer.com0type: 5 tracking-1611167402.us-east-1.elb.amazonaws.com;::ffff:3.232.170.59;::ffff:34.196.151.221;::ffff:34.199.127.9;::ffff:34.201.197.184;::ffff:52.86.227.90;::ffff:52.73.70.207;::ffff:18.232.230.29;::ffff:34.225.64.38;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000239244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.070{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.023{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.023{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.022{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.919{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59615-false104.16.158.17-443https 354300x8000000000000000239233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.906{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59614-false104.18.16.65-443https 354300x8000000000000000239232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.905{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59613-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000239231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.884{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64924-false93.184.220.29-80http 354300x8000000000000000239230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.883{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64923-false93.184.220.29-80http 10341000x8000000000000000239229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.021{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.848{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59612- 354300x8000000000000000239227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.847{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50421- 354300x8000000000000000239226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.845{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61331- 354300x8000000000000000239225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.810{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64922-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000239224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.810{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64921-false104.75.88.126a104-75-88-126.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64920-false91.228.74.189-443https 354300x8000000000000000239222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64919-false104.16.158.17-443https 354300x8000000000000000239221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64918-false104.18.16.65-443https 354300x8000000000000000239220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64916-false91.228.74.189-443https 354300x8000000000000000239219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.809{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64917-false13.35.253.80server-13-35-253-80.fra6.r.cloudfront.net443https 354300x8000000000000000239218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.808{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64915-false142.250.74.194fra24s02-in-f2.1e100.net443https 354300x8000000000000000239217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.706{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51829- 354300x8000000000000000239216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.706{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55140- 354300x8000000000000000239215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:50.703{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59701- 354300x8000000000000000239396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.662{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57445- 354300x8000000000000000239395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.639{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57009- 354300x8000000000000000239394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.638{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60472- 354300x8000000000000000239393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61288- 354300x8000000000000000239392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.637{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57445- 354300x8000000000000000239391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58867- 354300x8000000000000000239390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.636{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50212- 354300x8000000000000000239389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.613{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64948-false23.37.42.132a23-37-42-132.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.612{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58270- 354300x8000000000000000239387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.596{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58516- 354300x8000000000000000239386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.576{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64947-false185.33.221.52725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net443https 354300x8000000000000000239385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.556{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64946-false2.19.35.65a2-19-35-65.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.549{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56585- 354300x8000000000000000239383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.545{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58911- 354300x8000000000000000239382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52875- 354300x8000000000000000239381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.540{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51020- 354300x8000000000000000239380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.539{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58113- 354300x8000000000000000239379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.539{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64945-false23.210.253.92a23-210-253-92.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.538{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64944-false23.210.253.164a23-210-253-164.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.536{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57728- 354300x8000000000000000239376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.535{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52044- 354300x8000000000000000239375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.532{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59509- 354300x8000000000000000239374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.531{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57771- 354300x8000000000000000239373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.530{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54300- 10341000x8000000000000000213997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E805-615E-5501-00000000FE01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000213987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E805-615E-5501-00000000FE01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000213986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.511{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E805-615E-5501-00000000FE01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000213985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.512{49C67628-E805-615E-5501-00000000FE01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000213984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.151{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3820E2F357C678DA20022B0D5D8E77EF,SHA256=433DF06B0ADDF12AAB76B0969006783F6A7E7EAA12815723CCEDABC0BBBB9A82,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.208{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64943-false23.45.97.32a23-45-97-32.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.200{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55256- 354300x8000000000000000239370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.200{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52270- 354300x8000000000000000239369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.196{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53025- 354300x8000000000000000239368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.145{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64942-false13.224.193.34server-13-224-193-34.fra2.r.cloudfront.net443https 354300x8000000000000000239367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.144{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58424- 354300x8000000000000000239366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.140{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56110- 354300x8000000000000000239365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.130{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64939-false52.73.58.55ec2-52-73-58-55.compute-1.amazonaws.com443https 354300x8000000000000000239364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.117{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64941-false104.111.225.89a104-111-225-89.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.116{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53971- 354300x8000000000000000239362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.116{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50973- 354300x8000000000000000239361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.092{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64940-false172.67.140.13-443https 354300x8000000000000000239360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.092{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51172- 354300x8000000000000000239359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.091{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50837- 354300x8000000000000000239358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.087{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55203- 354300x8000000000000000239357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.039{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54466- 10341000x8000000000000000239356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.269{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.217{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\3484MD5=6D357C3EDC6EFFC4FC7601115CE27CFE,SHA256=F32A67467FE4E8F00D3491801B5215274FB1646FDA072653402F34E101005FDF,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.784{6EDEAD03-E420-615E-0601-00000000FD01}6016cookie-sync-1380929930.us-east-1.elb.amazonaws.com034.196.245.189;18.214.137.90;18.208.104.24;44.194.158.136;3.209.156.238;35.172.49.77;174.129.232.188;3.230.242.93;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.782{6EDEAD03-E420-615E-0601-00000000FD01}6016sync.aniview.com0type: 5 cookie-sync-1380929930.us-east-1.elb.amazonaws.com;::ffff:3.230.242.93;::ffff:34.196.245.189;::ffff:18.214.137.90;::ffff:18.208.104.24;::ffff:44.194.158.136;::ffff:3.209.156.238;::ffff:35.172.49.77;::ffff:174.129.232.188;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.740{6EDEAD03-E420-615E-0601-00000000FD01}6016v04.cap-ash1.technoratimedia.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.736{6EDEAD03-E420-615E-0601-00000000FD01}6016v04.cap-ash1.technoratimedia.com0150.136.156.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.734{6EDEAD03-E420-615E-0601-00000000FD01}6016shinez.technoratimedia.com0type: 5 adserver.technoratimedia.com;type: 5 v04.cap-ash1.technoratimedia.com;::ffff:150.136.156.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.628{6EDEAD03-E420-615E-0601-00000000FD01}6016e8960.b.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.621{6EDEAD03-E420-615E-0601-00000000FD01}6016e8960.b.akamaiedge.net023.37.42.132;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.550{6EDEAD03-E420-615E-0601-00000000FD01}6016e8960.e2.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.550{6EDEAD03-E420-615E-0601-00000000FD01}6016e8037.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.549{6EDEAD03-E420-615E-0601-00000000FD01}6016e8960.e2.akamaiedge.net02.19.35.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.548{6EDEAD03-E420-615E-0601-00000000FD01}6016e6603.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.548{6EDEAD03-E420-615E-0601-00000000FD01}6016e8037.g.akamaiedge.net023.210.253.164;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.545{6EDEAD03-E420-615E-0601-00000000FD01}6016e6603.g.akamaiedge.net023.210.253.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.212{6EDEAD03-E420-615E-0601-00000000FD01}6016e13630.dscb.akamaiedge.net02a02:26f0:1700:195::353e;2a02:26f0:1700:1b0::353e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.209{6EDEAD03-E420-615E-0601-00000000FD01}6016e13630.dscb.akamaiedge.net023.45.97.32;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.155{6EDEAD03-E420-615E-0601-00000000FD01}6016audit-tcfv2.quantcast.mgr.consensu.org9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.153{6EDEAD03-E420-615E-0601-00000000FD01}6016audit-tcfv2.quantcast.mgr.consensu.org013.224.193.10;13.224.193.104;13.224.193.80;13.224.193.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.152{6EDEAD03-E420-615E-0601-00000000FD01}6016audit-tcfv2.quantcast.mgr.consensu.org0::ffff:13.224.193.34;::ffff:13.224.193.10;::ffff:13.224.193.104;::ffff:13.224.193.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.130{6EDEAD03-E420-615E-0601-00000000FD01}6016e4346.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.125{6EDEAD03-E420-615E-0601-00000000FD01}6016e4346.g.akamaiedge.net0104.111.225.89;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.124{6EDEAD03-E420-615E-0601-00000000FD01}6016blogs.msdn.com0type: 5 blogs.msdn.com.edgekey.net;type: 5 e4346.g.akamaiedge.net;::ffff:104.111.225.89;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.104{6EDEAD03-E420-615E-0601-00000000FD01}6016a.rssing.com02606:4700:3032::ac43:8c0d;2606:4700:3032::6815:5ed0;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.100{6EDEAD03-E420-615E-0601-00000000FD01}6016a.rssing.com0104.21.94.208;172.67.140.13;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.099{6EDEAD03-E420-615E-0601-00000000FD01}6016a.rssing.com0::ffff:172.67.140.13;::ffff:104.21.94.208;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.055{6EDEAD03-E420-615E-0601-00000000FD01}6016premium-serving-428909459.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.052{6EDEAD03-E420-615E-0601-00000000FD01}6016premium-serving-428909459.us-east-1.elb.amazonaws.com03.224.226.7;75.101.235.47;35.153.40.211;35.173.4.119;52.205.96.140;52.73.58.55;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.051{6EDEAD03-E420-615E-0601-00000000FD01}6016premiumsrv.aniview.com0type: 5 premium-serving-428909459.us-east-1.elb.amazonaws.com;::ffff:52.73.58.55;::ffff:3.224.226.7;::ffff:75.101.235.47;::ffff:35.153.40.211;::ffff:35.173.4.119;::ffff:52.205.96.140;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:51.686{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64938-false34.199.127.9ec2-34-199-127-9.compute-1.amazonaws.com443https 354300x8000000000000000239462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.694{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64971-false142.250.186.70fra24s05-in-f6.1e100.net443https 354300x8000000000000000239461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.643{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59171- 354300x8000000000000000239460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.642{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59513- 354300x8000000000000000239459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.631{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64970-false142.250.186.70fra24s05-in-f6.1e100.net443https 354300x8000000000000000239458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.630{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52785- 354300x8000000000000000239457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.627{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local60089-false172.217.23.98mil04s23-in-f2.1e100.net443https 354300x8000000000000000239456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.626{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60088- 354300x8000000000000000239455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.603{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64969-false172.217.23.98mil04s23-in-f2.1e100.net443https 354300x8000000000000000239454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.599{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53762- 354300x8000000000000000239453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.569{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64968-false104.18.16.65-443https 354300x8000000000000000239452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.549{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64967-false104.18.16.65-443https 354300x8000000000000000239451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.470{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58509- 354300x8000000000000000239450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.438{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53610-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64966-false104.18.16.65-443https 354300x8000000000000000239448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64965-false104.18.16.65-443https 354300x8000000000000000239447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64964-false104.18.16.65-443https 354300x8000000000000000239446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64963-false104.18.16.65-443https 354300x8000000000000000239445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.422{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64962-false104.18.16.65-443https 354300x8000000000000000239444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.421{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64961-false104.18.16.65-443https 354300x8000000000000000239443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.398{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53609- 354300x8000000000000000239442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.383{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64960-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.382{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64959-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.375{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64958-false142.250.186.138fra24s07-in-f10.1e100.net443https 354300x8000000000000000239439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.363{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61077- 354300x8000000000000000239438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.363{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59023- 354300x8000000000000000239437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.260{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local55206-false104.19.130.80-443https 23542300x8000000000000000239436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.303{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=923C9D41AECDA5088910C5DC27C1149D,SHA256=E56FBF93FAF19EF67DF857423CC9B40302AFA08D14E72E5C2CBE4FD28ADF9BE1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.195{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64957-false104.18.16.65-443https 354300x8000000000000000239434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.195{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64956-false104.19.130.80-443https 354300x8000000000000000239433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.194{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64955-false104.18.16.65-443https 354300x8000000000000000239432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.173{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55204- 354300x8000000000000000239431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.172{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59192- 354300x8000000000000000239430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.163{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51967- 354300x8000000000000000239429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.134{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64954-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000239428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.053{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57255- 10341000x8000000000000000239427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.289{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000239426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.642{6EDEAD03-E420-615E-0601-00000000FD01}6016s0-2mdn-net.l.google.com02a00:1450:4001:827::2006;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.639{6EDEAD03-E420-615E-0601-00000000FD01}6016s0-2mdn-net.l.google.com0142.250.186.70;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.485{6EDEAD03-E420-615E-0601-00000000FD01}6016cm.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.480{6EDEAD03-E420-615E-0601-00000000FD01}6016cm.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.478{6EDEAD03-E420-615E-0601-00000000FD01}6016cm.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.417{6EDEAD03-E420-615E-0601-00000000FD01}6016s-img.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.406{6EDEAD03-E420-615E-0601-00000000FD01}6016s-img.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.405{6EDEAD03-E420-615E-0601-00000000FD01}6016s-img.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.191{6EDEAD03-E420-615E-0601-00000000FD01}6016servicer.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.181{6EDEAD03-E420-615E-0601-00000000FD01}6016servicer.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.180{6EDEAD03-E420-615E-0601-00000000FD01}6016servicer.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.902{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.adskeeper.co.uk9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.896{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.adskeeper.co.uk0104.19.133.80;104.19.132.80;104.19.134.80;104.19.131.80;104.19.130.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.894{6EDEAD03-E420-615E-0601-00000000FD01}6016cdn.adskeeper.co.uk0::ffff:104.19.130.80;::ffff:104.19.133.80;::ffff:104.19.132.80;::ffff:104.19.134.80;::ffff:104.19.131.80;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.875{6EDEAD03-E420-615E-0601-00000000FD01}6016c.adskeeper.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.868{6EDEAD03-E420-615E-0601-00000000FD01}6016c.adskeeper.com0104.18.17.65;104.18.16.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.866{6EDEAD03-E420-615E-0601-00000000FD01}6016c.adskeeper.com0::ffff:104.18.16.65;::ffff:104.18.17.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.793{6EDEAD03-E420-615E-0601-00000000FD01}6016cookie-sync-1380929930.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.887{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55972- 354300x8000000000000000239407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.886{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56552- 354300x8000000000000000239406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.876{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59944- 354300x8000000000000000239405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.861{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64953-false3.230.242.93ec2-3-230-242-93.compute-1.amazonaws.com443https 354300x8000000000000000239404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.859{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61178- 354300x8000000000000000239403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.836{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64951-false150.136.156.92-443https 354300x8000000000000000239402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.831{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64952-false150.136.156.92-443https 354300x8000000000000000239401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.818{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64949-false150.136.156.92-443https 354300x8000000000000000239400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.817{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64950-false150.136.156.92-443https 354300x8000000000000000239399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.774{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59920- 354300x8000000000000000239398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.727{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53969- 354300x8000000000000000239397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:52.727{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55090- 23542300x8000000000000000213999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:54.667{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E7C58B4BA9DFD163A12D76ECDC8F88B,SHA256=5FC8B41BAF9AB278B838DC619BB3B97AD11C1B08F822C521BDB7C2B0EBDDB808,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000213998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:54.276{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26E37872CA7D3C8F7D59F6C84E5833D5,SHA256=C6807A317644B294F00025625B0CFE12BE1889CF4C2549AB39D5C3536EF89FCB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.675{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55867- 354300x8000000000000000239523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.649{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51116- 354300x8000000000000000239522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.649{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53219- 354300x8000000000000000239521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.649{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58632- 354300x8000000000000000239520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.649{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55867- 354300x8000000000000000239519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.648{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53678- 354300x8000000000000000239518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.645{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51890- 354300x8000000000000000239517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.553{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59951-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000239516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.508{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56597-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000239515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.507{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59950- 354300x8000000000000000239514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.507{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50211- 354300x8000000000000000239513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.493{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60286- 23542300x8000000000000000239512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.687{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\24752MD5=2EF8E35A0DFD09A3516D1AE749F25193,SHA256=89FB05474D6B2F974C5D5522370BF4D407FF312587B33AD11AF42FEAA791D732,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.676{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.675{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\indexMD5=2B96100899B0DBFC236DE5BDDF188A3B,SHA256=31CF2EE3EF2689E57A923DBFE305F4B79507B9D7D8BCDC10EE5CE5D9135406A9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.601{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42A-615E-1001-00000000FD01}6800C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.601{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E427-615E-0F01-00000000FD01}6272C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.601{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E426-615E-0E01-00000000FD01}5452C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.600{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.600{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+197d23|C:\Program Files\Mozilla Firefox\xul.dll+819065|C:\Program Files\Mozilla Firefox\xul.dll+8192f5|C:\Program Files\Mozilla Firefox\xul.dll+81797e|C:\Program Files\Mozilla Firefox\xul.dll+817bb0|C:\Program Files\Mozilla Firefox\xul.dll+33c175a|C:\Program Files\Mozilla Firefox\xul.dll+33c1518|C:\Program Files\Mozilla Firefox\xul.dll+33c448e|C:\Program Files\Mozilla Firefox\xul.dll+cfb5e4|C:\Program Files\Mozilla Firefox\xul.dll+1e5a54d|C:\Program Files\Mozilla Firefox\xul.dll+1ae77f|C:\Program Files\Mozilla Firefox\xul.dll+91046c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051 10341000x8000000000000000239504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.581{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.579{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.579{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1500-00000000FD01}1232C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.246{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53705-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x8000000000000000239500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.219{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53704-false142.250.185.162fra16s51-in-f2.1e100.net443https 354300x8000000000000000239499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.207{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53703- 354300x8000000000000000239498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.206{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49242- 23542300x8000000000000000239497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.327{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F1BAC857135CFEFA52A7A236EEAD4AC,SHA256=D8DA6EDA7908A40B79F4163B96CB11DA13D78680D367CE2D33B79C9D201FD7BC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.138{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56596-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x8000000000000000239495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.125{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56595-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x8000000000000000239494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.110{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56594-false54.36.109.155p05.id5-sync.com443https 354300x8000000000000000239493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.076{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58178- 354300x8000000000000000239492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.062{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56593-false142.250.186.34fra24s04-in-f2.1e100.net443https 354300x8000000000000000239491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.053{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56592-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 354300x8000000000000000239490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.053{6EDEAD03-E1A0-615E-1400-00000000FD01}1040C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56592-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 354300x8000000000000000239489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.052{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60946- 354300x8000000000000000239488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.051{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64975-false142.250.184.194fra24s11-in-f2.1e100.net443https 354300x8000000000000000239487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.051{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64974-false152.199.22.191-443https 354300x8000000000000000239486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.051{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60261- 354300x8000000000000000239485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.051{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58361- 354300x8000000000000000239484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.050{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64973-false151.101.113.108-443https 354300x8000000000000000239483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.049{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52005- 354300x8000000000000000239482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.049{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51860- 354300x8000000000000000239481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.044{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59317- 354300x8000000000000000239480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.044{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52614- 354300x8000000000000000239479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.968{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50792- 354300x8000000000000000239478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.965{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64972-false91.228.74.189-443https 354300x8000000000000000239477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.962{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55097- 354300x8000000000000000239476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.954{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60366- 22542200x8000000000000000239475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.518{6EDEAD03-E420-615E-0601-00000000FD01}6016pagead-googlehosted.l.google.com02a00:1450:4001:802::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.516{6EDEAD03-E420-615E-0601-00000000FD01}6016pagead-googlehosted.l.google.com0142.250.185.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.232{6EDEAD03-E420-615E-0601-00000000FD01}6016cs1561.wpc.edgecastcdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.068{6EDEAD03-E420-615E-0601-00000000FD01}6016id5-sync.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.064{6EDEAD03-E420-615E-0601-00000000FD01}6016id5-sync.com051.89.7.199;51.89.21.8;51.75.146.200;54.36.109.22;51.89.21.30;54.36.109.166;51.89.21.10;51.89.42.86;51.89.20.87;54.36.109.47;51.195.5.232;51.89.21.21;51.75.146.199;51.89.7.110;54.36.109.48;51.89.21.20;51.195.5.234;54.36.109.46;141.95.3.10;51.89.7.205;54.36.109.156;141.95.3.40;51.195.5.38;51.195.5.40;51.89.21.5;51.89.7.198;51.195.5.231;54.36.109.186;51.89.20.86;51.89.7.202;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.063{6EDEAD03-E420-615E-0601-00000000FD01}6016id5-sync.com0::ffff:54.36.109.155;::ffff:51.89.7.199;::ffff:51.89.21.8;::ffff:51.75.146.200;::ffff:54.36.109.22;::ffff:51.89.21.30;::ffff:54.36.109.166;::ffff:51.89.21.10;::ffff:51.89.42.86;::ffff:51.89.20.87;::ffff:54.36.109.47;::ffff:51.195.5.232;::ffff:51.89.21.21;::ffff:51.75.146.199;::ffff:51.89.7.110;::ffff:54.36.109.48;::ffff:51.89.21.20;::ffff:51.195.5.234;::ffff:54.36.109.46;::ffff:141.95.3.10;::ffff:51.89.7.205;::ffff:54.36.109.156;::ffff:141.95.3.40;::ffff:51.195.5.38;::ffff:51.195.5.40;::ffff:51.89.21.5;::ffff:51.89.7.198;::ffff:51.195.5.231;::ffff:54.36.109.186;::ffff:51.89.20.86;::ffff:51.89.7.202;::ffff:141.95.3.9;::ffff:54.36.109.49;::ffff:54.36.109.183;::ffff:141.95.34.105;::ffff:51.195.5.45;::ffff:51.89.42.88;::ffff:141.95.34.104;::ffff:51.89.21.31;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.060{6EDEAD03-E420-615E-0601-00000000FD01}6016prod.appnexus.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.058{6EDEAD03-E420-615E-0601-00000000FD01}6016adservice.google.de0type: 5 pagead46.l.doubleclick.net;::ffff:142.250.184.194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.058{6EDEAD03-E420-615E-0601-00000000FD01}6016cs1561.wpc.edgecastcdn.net0152.199.22.191;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.058{6EDEAD03-E420-615E-0601-00000000FD01}6016prod.appnexus.map.fastly.net0151.101.113.108;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.057{6EDEAD03-E420-615E-0601-00000000FD01}6016ad-cdn.technoratimedia.com0type: 5 cs1561.wpc.edgecastcdn.net;::ffff:152.199.22.191;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.783{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-65274-true2001:503:ba3e:0:0:0:2:30a.root-servers.net53domain 354300x8000000000000000239463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:53.750{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local65500-false142.250.186.70fra24s05-in-f6.1e100.net443https 23542300x8000000000000000214000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:55.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4162E8B4C2F16AD6DB7313F97E7F4847,SHA256=513BE4B55BD4F393AFB6CD63D5F71863B6E04334053412DD6971B469E8CAB4BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:53.726{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50033-false10.0.1.12-8000- 23542300x8000000000000000214001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:56.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=873AE488F8CE73F8C3C66FFAA3A1CBC3,SHA256=497EF37E9DA310A85B257BEDDBACE0F72F8E822A91A11F298B42DC214CB9BDEB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.883{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000239565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-07 12:28:56.859{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7bb76-0xe5ea6cc1) 354300x8000000000000000239564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.654{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49190- 354300x8000000000000000239563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.653{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53223- 354300x8000000000000000239562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.652{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58605- 354300x8000000000000000239561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.584{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-63437-true2001:500:2f:0:0:0:0:f-53domain 10341000x8000000000000000239560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.730{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.660{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.628{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.626{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.626{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.619{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.614{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.599{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.598{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.596{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=0DE4CC0894176B6CBA790AE22CB97E0A,SHA256=E68903C6DE3CA3183708EAF642B2D518101EC9449363D12490FA5D9F253BA584,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.595{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.591{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.586{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=1A7CA23C2356FFBB3140A39610E47B27,SHA256=6FFC846B1E8E795E85F68B1EF13E4EC25C792C436A0186C03105B48DE7CB2406,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.564{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=FEDDD64F036C13362312509B17937D6D,SHA256=DD327A2B7630E2D975FAFE7262879F670EB4ECBD5F2DE9BE4BA824427229A767,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.453{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54892-false142.250.184.225fra24s12-in-f1.1e100.net443https 354300x8000000000000000239545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.377{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56601-false142.250.184.225fra24s12-in-f1.1e100.net443https 354300x8000000000000000239544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.273{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54891-false142.250.185.228fra16s53-in-f4.1e100.net443https 354300x8000000000000000239543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.246{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54889-false142.250.185.66fra16s48-in-f2.1e100.net443https 23542300x8000000000000000239542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.529{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=80C40CFD0DCF2DECF7C739455357E1A0,SHA256=8F73A1BAD1F7D062F1D49884CF0660A56720F06BCD5E68BCB4A6B76DF5F48E1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.514{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=088402A1445A9BF39684A865FA8A381D,SHA256=91FE7803268CD367C32F3653AF951503FF363B6E7BCB793513DA96F307716D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.499{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=60A48F0FD96DE8ABAB6D86E6226F44A5,SHA256=FCA998AEE2CA808A5D36E4E746201306C53D0EF5D3EEBEDF890DC96B56163BEE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.357{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.348{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8727C8EA24D7BD94DE8737AC3DF4B43,SHA256=DDCECBC6FE77D9978D0455854573B155D8B5515EC88DF8AFB98CA7B861988BB3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.195{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56600-false142.250.185.228fra16s53-in-f4.1e100.net443https 354300x8000000000000000239536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.194{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56599-false142.250.185.66fra16s48-in-f2.1e100.net443https 354300x8000000000000000239535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.194{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53276- 354300x8000000000000000239534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.193{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56858- 354300x8000000000000000239533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.193{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60279- 354300x8000000000000000239532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.192{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56436- 354300x8000000000000000239531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.188{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58722- 354300x8000000000000000239530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.187{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51625- 10341000x8000000000000000239529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.155{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000239528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.204{6EDEAD03-E420-615E-0601-00000000FD01}6016www.google.com02a00:1450:4001:80f::2004;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.202{6EDEAD03-E420-615E-0601-00000000FD01}6016www.google.com0142.250.185.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.201{6EDEAD03-E420-615E-0601-00000000FD01}6016www.google.com0::ffff:142.250.185.228;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:54.874{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56598-false142.250.74.194fra24s02-in-f2.1e100.net443https 23542300x8000000000000000214003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:57.292{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48D7BCA297AD74947BB8BF598772673B,SHA256=B7B7D705FAB25BBAF3AC6021B24458978721F4CBE83412A33EC5219952326C7C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.707{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57185-false142.250.184.194fra24s11-in-f2.1e100.net443https 354300x8000000000000000239605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.701{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-52044- 354300x8000000000000000239604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.681{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57184- 354300x8000000000000000239603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.679{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49908- 354300x8000000000000000239602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.679{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54913- 354300x8000000000000000239601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.628{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59754-false142.250.72.35den16s08-in-f3.1e100.net443https 354300x8000000000000000239600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.570{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56610-false142.250.184.194fra24s11-in-f2.1e100.net443https 354300x8000000000000000239599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.570{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56609-false172.217.23.98mil04s23-in-f2.1e100.net443https 354300x8000000000000000239598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.567{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59753- 354300x8000000000000000239597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.565{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52836- 354300x8000000000000000239596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.564{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60992- 354300x8000000000000000239595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.558{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57723- 354300x8000000000000000239594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.461{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local52904-false173.194.188.103fra16s33-in-f7.1e100.net443https 354300x8000000000000000239593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.398{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56608-false173.194.188.103fra16s33-in-f7.1e100.net443https 354300x8000000000000000239592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.385{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52903- 354300x8000000000000000239591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.384{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50348- 354300x8000000000000000239590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.380{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56606-false142.250.72.35den16s08-in-f3.1e100.net443https 354300x8000000000000000239589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.372{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54454- 354300x8000000000000000239588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.362{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56605-false142.250.72.35den16s08-in-f3.1e100.net443https 354300x8000000000000000239587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.345{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53752-false172.217.16.142zrh04s06-in-f142.1e100.net443https 354300x8000000000000000239586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.305{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56603-false142.250.72.35den16s08-in-f3.1e100.net443https 354300x8000000000000000239585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.301{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56607-false172.217.16.142zrh04s06-in-f142.1e100.net443https 354300x8000000000000000239584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.300{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53751- 354300x8000000000000000239583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.300{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60631- 10341000x8000000000000000239582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.456{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.456{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.456{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.455{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.372{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EC6B4EAA9B273001213F49AE8BADD95,SHA256=370334FA4E1DF143A09C5CD3E79067E01BB15515E0084CC8B6126B2DDDA00306,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.215{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56604-false142.250.185.162fra16s51-in-f2.1e100.net443https 354300x8000000000000000239576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.191{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58760- 354300x8000000000000000239575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.190{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52922- 10341000x8000000000000000239574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.229{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.221{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.221{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.843{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59136-false173.194.76.157ws-in-f157.1e100.net443https 354300x8000000000000000239570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.754{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56602-false173.194.76.157ws-in-f157.1e100.net443https 354300x8000000000000000239569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.740{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59135- 354300x8000000000000000239568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.739{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53826- 354300x8000000000000000239567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:55.736{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50795- 23542300x8000000000000000214004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:58.308{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=025F4FC4E478E429E6DCDC5A5B0FB742,SHA256=2E6F076C22388F3F84E5C7388469EEC98D727B6F4842F16D38097E51C2A7F5DD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.808{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.399{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=285A1C97C67740EFADB853005F267AD1,SHA256=8F8BD50B488ECAF9854E010EF6860DDD585A81E5C585C5945CD53028CDC81CA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.342{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+24fc451|C:\Program Files\Mozilla Firefox\xul.dll+258568e|C:\Program Files\Mozilla Firefox\xul.dll+2e2d477|C:\Program Files\Mozilla Firefox\xul.dll+2e2cf9d|C:\Program Files\Mozilla Firefox\xul.dll+2e3c18e|C:\Program Files\Mozilla Firefox\xul.dll+2e3bd2c|C:\Program Files\Mozilla Firefox\xul.dll+2a64bd0|C:\Program Files\Mozilla Firefox\xul.dll+165c550|C:\Program Files\Mozilla Firefox\xul.dll+162614a|C:\Program Files\Mozilla Firefox\xul.dll+1abd39b 10341000x8000000000000000239615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.339{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+256a551|C:\Program Files\Mozilla Firefox\xul.dll+24fef30|C:\Program Files\Mozilla Firefox\xul.dll+24fde84|C:\Program Files\Mozilla Firefox\xul.dll+24fddb4|C:\Program Files\Mozilla Firefox\xul.dll+2cf0bb|C:\Program Files\Mozilla Firefox\xul.dll+2cec3b|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+24fc451|C:\Program Files\Mozilla Firefox\xul.dll+258568e|C:\Program Files\Mozilla Firefox\xul.dll+2e2d477|C:\Program Files\Mozilla Firefox\xul.dll+2e2cf9d|C:\Program Files\Mozilla Firefox\xul.dll+2e38c4a|C:\Program Files\Mozilla Firefox\xul.dll+2a608cf|C:\Program Files\Mozilla Firefox\xul.dll+165c550 10341000x8000000000000000239614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.339{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+24fc451|C:\Program Files\Mozilla Firefox\xul.dll+258568e|C:\Program Files\Mozilla Firefox\xul.dll+2e2d477|C:\Program Files\Mozilla Firefox\xul.dll+2e2cf9d|C:\Program Files\Mozilla Firefox\xul.dll+2e38c4a|C:\Program Files\Mozilla Firefox\xul.dll+2a608cf|C:\Program Files\Mozilla Firefox\xul.dll+165c550|C:\Program Files\Mozilla Firefox\xul.dll+162614a|C:\Program Files\Mozilla Firefox\xul.dll+1abd39b|C:\Program Files\Mozilla Firefox\xul.dll+16e35ae 10341000x8000000000000000239613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.183{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.182{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.180{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.156{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:58.155{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000239608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.330{6EDEAD03-E420-615E-0601-00000000FD01}6016bandaid-redirector.l.google.com02a00:1450:4001:80e::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:56.309{6EDEAD03-E420-615E-0601-00000000FD01}6016bandaid-redirector.l.google.com0172.217.16.142;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000214005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:59.355{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=027C65C65C032C9AB587E0A966EFC168,SHA256=DE56783605920CC4619C76CC577E1C3A8F6616AAEE43B22254908369AFCB8953,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:57.385{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-65274-true2001:dc3:0:0:0:0:0:35-53domain 10341000x8000000000000000239620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.363{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.344{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEC75F23EB5332AC27269F6F47D1FBF1,SHA256=A5EA3632E97FDFD7F458B684D523C417DE51791201BEBA4B8ABCB25C10D3B8AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:00.386{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA9C7AB0DB944A61DEA5E4FCCB577C70,SHA256=E00EE305051C02E8E12336160641E6D875F5BF0B579C59A531D5BF69AC5E91EC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.684{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53062- 354300x8000000000000000239624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.472{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-64053-true2001:500:a8:0:0:0:0:e-53domain 354300x8000000000000000239623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.123{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56611-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000239622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:00.348{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21BFBF3DBAF1ADAAE105E24D1E2652A1,SHA256=0553DFF7E21D8ACCB6491AEACD96E56179027F1269A05F67C4FC2F0327023035,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:01.386{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76E56F04556524B76C031D8CF6FD019A,SHA256=FBB280F019511D99566FD547A142F621E5CC67911A477944147999CE6A4C54C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.964{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.943{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:00.743{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-59643- 354300x8000000000000000239631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:00.716{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59643- 354300x8000000000000000239630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:28:59.709{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53062- 10341000x8000000000000000239629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.761{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.761{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.589{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:01.358{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11797F899F39CFB6C74C5892F6C4725B,SHA256=0224EC1911A0851BF2D54475B6E97B2D6487140803B63F33A48C85DAC051624E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:28:58.758{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50034-false10.0.1.12-8000- 23542300x8000000000000000214008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:02.386{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=050AFAB2CC70E42EA07088E403D6D3F9,SHA256=56C77D54239E83188CA601A3A0A3D5C22688C4583EB665ADAFC274B6B640245D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.813{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.773{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.758{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.724{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.715{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.712{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.711{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.711{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.707{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.380{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2D65699E63C75D0BE353E1AD0C960C2,SHA256=BFEEF4620C16152FF56CB0F2E5ADCA5391FFE731864383FAC3A423BDBA01CD83,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.119{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.753{6EDEAD03-E425-615E-0B01-00000000FD01}5880ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41MD5=2BDD77DE8E70D857436A9F994A2CC4DB,SHA256=56ACC140838EA4C6F20A596CC0E0465E4748430105EA83BF8BDDB587F1507B0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.421{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.393{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFB2845E985C581C8DF08984AB8BE3BA,SHA256=66BE3ED46425ACEC2848DCB0B00A460108EA10DCB5FF25A562A4551E66E4360A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:03.402{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C436C3EF88F77FBC152243FEFD7B813,SHA256=FFEA1041D314E812C45097BC279A689BBB52F1C74A5B25A4C5438D278FABF5AB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.341{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.262{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.187{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:03.108{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:04.402{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09D638771F5A4FF58E5C535E4E4E993F,SHA256=35482DF4F61511A194D8986B927D7126556D03625E636D4B4D65B470C5332861,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:02.799{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-63459-true2001:503:c27:0:0:0:2:30-53domain 10341000x8000000000000000239656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.583{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.541{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.408{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA7D99E4D0DA5F65D5CED54708B1A344,SHA256=E191128229AECEC1EDE3C018D2EB7CA453892BFD2A331C69781E32D57BC44798,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.023{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:05.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DDE6A630439BF8E2A0B8055E88230C8,SHA256=6159693F73B5D1AC99227F9D578B46EEE527BA24063BEEBF4F205F9CE8B388DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:05.663{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:05.418{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA45F787736F191AEFCBB8F7D725548F,SHA256=2F046AC3FCFD734975B68706C5DA82986E64612EC4F10197FC40522C3938306C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:05.393{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:05.144{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:06.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=938A8520862A83A0B9229AC1A6304E03,SHA256=D6F2E0A953ACDB5ABE519922DE50157400B2A2775FA5D2BF04CFD06F3178A436,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.989{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56612-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000239676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:04.783{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-49852- 23542300x8000000000000000239675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.788{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=8AA47975DE0C0A2157A9C241BC46241C,SHA256=6E5BDD816F9B714DFD6835E6810BBB4E677D5C8D4229BB9EE22DCE2BFF8DA324,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.785{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=3C20F079776C738E4865F999EE6DB662,SHA256=CC1AA3FCABE05A0E887E11B6A976731148E1F6D48C095EADE8DB90CCA628D546,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.774{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\data.sqlite-journalMD5=C6D21C5BEF16C622F11227AAB69ADC9F,SHA256=4F07ADFEA0DEDC9814DC8B7D25797EF02541DB361F6B3AA1B7592B6AD5DA6FD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.761{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++managed670.rssing.com\ls\usageMD5=6B8555AB9FDE6310D3E71E01D309780E,SHA256=A22DDCF27E16FA01B790A72347CF89C957FDBE56509D961960FA724B34E256A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.433{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4235FA55C634C829563BA203813B7AAF,SHA256=2A742833D74776C25C85AEA8455E50D1EE9D75062D5670E5D5F4129B6C793EBD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.408{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E812-615E-9E01-00000000FD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.407{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.406{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.405{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.405{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E812-615E-9E01-00000000FD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.405{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E812-615E-9E01-00000000FD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.404{6EDEAD03-E812-615E-9E01-00000000FD01}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000239662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.260{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.595{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E813-615E-A001-00000000FD01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.593{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.593{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.593{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.593{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.592{6EDEAD03-E19E-615E-0500-00000000FD01}4201708C:\Windows\system32\csrss.exe{6EDEAD03-E813-615E-A001-00000000FD01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.592{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E813-615E-A001-00000000FD01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.592{6EDEAD03-E813-615E-A001-00000000FD01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000239689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.450{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62DED66DF81E96854345D15098BECA1C,SHA256=236548F906767CBAC014934A285C068122DCB0992B03F6D74328F6441410A717,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:03.805{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50035-false10.0.1.12-8000- 23542300x8000000000000000214014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:07.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50D8689A9E2E6B3DF465F376E0542DFB,SHA256=8D657D1652400B5A94C8F53CE9C86ED98D51A41DEBBA0B0207B3D24B34820CC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.413{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86F5F51439C3197DF55841305043B48F,SHA256=2371B99ED9C773B309502970C4E5558EAA329E5B98FDA611352E97C2A111F0F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.410{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1E6C5779364C36B0E239D0991BCD98D,SHA256=D8C498BA54B73BF57663BCD5ACCD0C3397ED101A5A4B7CE24278894650C6A58D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.393{6EDEAD03-E813-615E-9F01-00000000FD01}4044556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.078{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E813-615E-9F01-00000000FD01}404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.074{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.073{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.073{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E813-615E-9F01-00000000FD01}404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.073{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E813-615E-9F01-00000000FD01}404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:07.073{6EDEAD03-E813-615E-9F01-00000000FD01}404C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000239708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.743{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=7B039B2B370FEEACDEC7C8471F52CAD2,SHA256=CF4256B883D342774E44A4A27D924C8170B5F3FBB9ADD433222D7E0988E20033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.740{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=567362C1EFC362F12AEFB11478602CB8,SHA256=BAB3FF1D25B50587C578582FC38A0B033F7E4ECE997C0176D7E5914051030C1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.738{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=3D64ADAD99654576A7FD1541C676AA8C,SHA256=63FD12E2EB82B482B10DFFC9294DDD4497A0D4550446E311835C0E95CB2736BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.734{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=01E821DD24F338840B5CFBE40E316D7E,SHA256=80ED6803A50D147F4D9C218BE4EC84A7FB6CB0DAC1D9B571D4912F14AFC13E34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.733{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=5E6EC0B5671CB202B57B8CD95A703A2D,SHA256=5F86CF323AA3CF1E4CE27C986DB7EDFF70AFB7E1B43B806D80D60F4BD059B0C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.730{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=2442CEFD0BFA52F9EB82514F1011B2CD,SHA256=55F6870EF759E12A0EC032E1409E9F7601D8A1028F5633F54351CE568395D6DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.630{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86F5F51439C3197DF55841305043B48F,SHA256=2371B99ED9C773B309502970C4E5558EAA329E5B98FDA611352E97C2A111F0F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:08.462{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74A71EDED2CA822D2D670F4430CF4C8F,SHA256=CD1858CDD4EEE8BE37744AC5F8C21EF48A013099593EF42FAC8FA14D44E9BC77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:08.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9DF57B485C8D6B0783F41CF027167AC,SHA256=F89177602C8A9DD6866214CC67B1A1E3691B9ED03185B1B22D9B2B53DF1FE58F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.626{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56613-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000239699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.626{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56613-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000239698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:06.400{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-63459-true2001:500:2:0:0:0:0:cc.root-servers.net53domain 10341000x8000000000000000239718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.990{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.777{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E815-615E-A101-00000000FD01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.773{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E815-615E-A101-00000000FD01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E815-615E-A101-00000000FD01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.772{6EDEAD03-E815-615E-A101-00000000FD01}4904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000239709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:09.507{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85F3B9026EC77FF69C6B22A04D5384D3,SHA256=C947217647E8DF2A13E59CE6A19B430FBE00D06F9FDF925564A3ADEA5F78B8B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:09.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B60166063E0B9A00076AECF2F9E9C42E,SHA256=B6AE234693B5EEE852D2F44430FE93D4DFBAE2C5E7A88B8D553D23FCDAFE6B40,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.939{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E816-615E-A201-00000000FD01}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E816-615E-A201-00000000FD01}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.931{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.930{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E816-615E-A201-00000000FD01}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.930{6EDEAD03-E816-615E-A201-00000000FD01}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000239723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.790{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7CEEAAF8D1CF38F0FF1988767EA9CF74,SHA256=892BB018849A0DD5542CAF2E10B5941E43B1ABE6AE6F54F0278096F21D3DC503,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.528{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86241E29D9E33A16129A34199706B845,SHA256=1CD50F2888DC3B3D54BAA95A40934FE9A468CEC882661F309F008838E4A26CB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:10.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03068D26416B941B4B4C207D156CFFA,SHA256=C0363474F7EB7745C4B2D1E39556FE9A0F1524615693948F680D718D471A537C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.274{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42C-615E-1101-00000000FD01}6956C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.221{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.133{6EDEAD03-E815-615E-A101-00000000FD01}49044196C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.961{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000239746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.957{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69913BB0E7E45AD83B91F1E714E632FD,SHA256=85F346DE0BB8BA0C958F7D9F42CD3A004A58EA2798B6A9A2B73F6FE9A3182A04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.729{6EDEAD03-E817-615E-A301-00000000FD01}4168312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.553{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34E02013BBB8562DF37FE626936227A8,SHA256=3510C863779955300F2AF4CCEB988BC30066720682B17EEBF410D75F385483B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:11.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8564C518BCA81622AFC9B3B2375384D4,SHA256=581CAD314EF778DB280A55D8A0588DABD449B456C1CCA68334ACF256F14A8113,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.462{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E817-615E-A301-00000000FD01}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.455{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.455{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.454{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.454{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.454{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E817-615E-A301-00000000FD01}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.453{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E817-615E-A301-00000000FD01}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.453{6EDEAD03-E817-615E-A301-00000000FD01}4168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000239735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.348{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.347{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.346{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:11.292{6EDEAD03-E816-615E-A201-00000000FD01}70684192C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000214021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:09.648{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50036-false10.0.1.12-8000- 23542300x8000000000000000214020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:12.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=799DC3018AAD199718BB67F3042F56D2,SHA256=A6BD403CE8E2795575C1838DA270E9CB7DCA5DDBA5B28E41F54C67D4406CFC04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.607{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A94735C54F2384859AB8BDE7FC616C0,SHA256=3DBDBA155BB2929C6B88F14287B143EE21EE74700F56427BA19FE55D5C31C4D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.514{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E818-615E-A401-00000000FD01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.508{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.508{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.508{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.505{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.505{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E818-615E-A401-00000000FD01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000239750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.504{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E818-615E-A401-00000000FD01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000239749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.504{6EDEAD03-E818-615E-A401-00000000FD01}716C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000239748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:10.091{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56614-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000214022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:13.480{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2758D22F4CC1F90E2C0AB92F4D51482B,SHA256=01F23D19A962FEFE1BEA8EF88186BC95263DDEFDA93AF96F7F410858446F1FDD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.937{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 354300x8000000000000000239771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.368{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52362- 354300x8000000000000000239770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.365{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54963- 354300x8000000000000000239769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.365{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57807- 354300x8000000000000000239768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.364{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57790- 23542300x8000000000000000239767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.615{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67C0051FF4CDB03B3B06EBD229C38295,SHA256=6839EFB68B64DE6E0CF28EC8227AAC34BE8AFAC149B96BA4A936A959852E23BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.590{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.589{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.588{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.588{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.588{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.587{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.511{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D46066A4B459276732667E4CA24EEC8,SHA256=AFF4916CE26F9828EBD0FF3C3A6D8ED0451964A7C03F849E4D1FD5987D878E5D,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.372{6EDEAD03-E420-615E-0601-00000000FD01}6016github.com0::ffff:140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000239758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.217{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\protections.sqlite-journalMD5=396F43EFE0E3FCFBF37149D3FD44DDEF,SHA256=CBC92174D66F920B4B9551181905019D7F22CD8B5DA90C6A2F9DA0694ABB044C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.625{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD517440FBE9A40F87C49769B87071F9,SHA256=4239BBC3357DE7E8967AFC37AF5374FAED0C97678E3A833501763644DAAEBE7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:14.481{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=700704A32D17F4C1A2BF143BB655CBB9,SHA256=943D5244D18540B48B4F1EBD7056E65574D9A9CC4C307154B54350DCF09AB5E4,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.133{6EDEAD03-E420-615E-0601-00000000FD01}6016github.githubassets.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.129{6EDEAD03-E420-615E-0601-00000000FD01}6016github.githubassets.com0185.199.111.154;185.199.108.154;185.199.109.154;185.199.110.154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.120{6EDEAD03-E420-615E-0601-00000000FD01}6016github.githubassets.com0::ffff:185.199.110.154;::ffff:185.199.111.154;::ffff:185.199.108.154;::ffff:185.199.109.154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.375{6EDEAD03-E420-615E-0601-00000000FD01}6016github.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.374{6EDEAD03-E420-615E-0601-00000000FD01}6016github.com0140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.139{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56622-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.124{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56620-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.124{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56618-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.124{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56621-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.124{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56619-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.120{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56617-false185.199.110.154cdn-185-199-110-154.github.com443https 354300x8000000000000000239777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.112{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60166- 23542300x8000000000000000239776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.310{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=49F1AE5458DA67004D173DCB7FA92932,SHA256=241CBD003727A9B348B50C75E1A67BF2702A855DD6DB90627BAB4601460BAB31,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.968{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56616-false104.75.88.126a104-75-88-126.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:12.368{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56615-false140.82.121.3lb-140-82-121-3-fra.github.com443https 10341000x8000000000000000239773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.010{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000239801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:15.636{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE672E832C72A47427022B3E5B4C3780,SHA256=95FCCE3AA2E1D748DA64A8EF0019070918646D94063FD0A03C2E9E1BAAC948CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:15.481{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2951EE46C4D5877BE5478A307F67C265,SHA256=0E7A18B83F15ECD815F0DCF08B8B955EC3860FA73DB31CCB0F6A7C48AFFBC033,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.926{6EDEAD03-E420-615E-0601-00000000FD01}6016api.github.com0140.82.121.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.924{6EDEAD03-E420-615E-0601-00000000FD01}6016api.github.com0::ffff:140.82.121.5;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.830{6EDEAD03-E420-615E-0601-00000000FD01}6016analytics-collector-28944298.us-east-1.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.820{6EDEAD03-E420-615E-0601-00000000FD01}6016analytics-collector-28944298.us-east-1.elb.amazonaws.com023.21.66.55;34.230.149.116;54.84.193.129;54.209.192.22;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.819{6EDEAD03-E420-615E-0601-00000000FD01}6016collector.githubapp.com0type: 5 analytics-collector-28944298.us-east-1.elb.amazonaws.com;::ffff:54.209.192.22;::ffff:23.21.66.55;::ffff:34.230.149.116;::ffff:54.84.193.129;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.918{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56624-false140.82.121.5lb-140-82-121-5-fra.github.com443https 354300x8000000000000000239794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.897{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56623-false54.209.192.22ec2-54-209-192-22.compute-1.amazonaws.com443https 354300x8000000000000000239793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.842{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50502- 354300x8000000000000000239792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.812{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58957- 354300x8000000000000000239791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.811{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53105- 354300x8000000000000000239790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.800{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60611- 23542300x8000000000000000214025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:16.481{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C50315F99E276041D70CF290CDEFB26C,SHA256=E28B95740029D4E7D2656B3BFCE981DBA9A8B164298FF52F8DB0ACFD7F5D7499,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:16.644{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F70A602394160A331BEC2EEC4F66C76,SHA256=837966A8A6D46AAE6EB155F2782A2522909216C14025E8A428C4D91303A22DC7,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.070{6EDEAD03-E420-615E-0601-00000000FD01}6016avatars.githubusercontent.com02606:50c0:8000::154;2606:50c0:8001::154;2606:50c0:8002::154;2606:50c0:8003::154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.067{6EDEAD03-E420-615E-0601-00000000FD01}6016avatars.githubusercontent.com0185.199.109.133;185.199.110.133;185.199.111.133;185.199.108.133;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.064{6EDEAD03-E420-615E-0601-00000000FD01}6016avatars.githubusercontent.com0::ffff:185.199.108.133;::ffff:185.199.109.133;::ffff:185.199.110.133;::ffff:185.199.111.133;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:13.930{6EDEAD03-E420-615E-0601-00000000FD01}6016api.github.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.057{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55297- 354300x8000000000000000239802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.053{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56202- 23542300x8000000000000000214027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:17.484{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06EDD2ACAD491EB9533F721A150ED9D3,SHA256=272CBBEDB0927B3785AF23E0208796E710A77780C2F826655C10AA02C4551555,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:17.656{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29213CCC7E44CB5712B844CCD0E52D60,SHA256=6C4E41853D94E78F7D1E2BE1CF1EC49EDF4E92B4BB30D2834FCFC708FFC32AA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:17.205{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-026MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.858{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60904- 354300x8000000000000000239810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.858{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51077- 354300x8000000000000000239809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:14.058{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56625-false185.199.108.133cdn-185-199-108-133.github.com443https 23542300x8000000000000000239820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.788{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=F9B0549A77E2BCC936B125DDF445B378,SHA256=78B44CD90E102CCBB41C5453CFC9BFBF6A720D0A123219327CEBD51F70519404,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.786{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=0EF804B5FBE80BE540112726E7296FF3,SHA256=8BE79BF611C4195F305F273C0A8EB4C154AD78E021DBDAB570F0C05658D6AB05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.779{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=CC8A3AA4DA2474C654EBFE798224362B,SHA256=E58C89197E31012068E3E5F530D80988E9395F12B373DDF534AE5D440C467EBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.755{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=1B26B2E832DEC45105D2C90005FD2C07,SHA256=7AD891A622BC11F458F14C06BC0A781DD417B64DBA792E83ABFFA6088B70F7F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.745{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=81E0064E51525D0EE4B09FD2F22867D5,SHA256=A6CDB5706C5B050C83D273A551C28CDE799CB7E27C6CC3243D21F0D66CB9C559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.737{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=050D975E55D2B2A96E9520DC8CA834AC,SHA256=09CF1504B06AD9C93243397FB6E45181B3ACD99345D29FBBB6764E3C634EF18B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:18.662{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=624EE6F4FC9164D690E8105E6E160D69,SHA256=FEBE9E72B87BFC2051DB06A059FB6F5566C0D4FCCD3CDE2EC6C5EA8A0EB59906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:18.498{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63EA1D294A4F21E9C3C0C530F07EB384,SHA256=0634A33A6C5D0C227FCE3AAF35C639A13F6BDAAD1FAF3EC8686439055E08023C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:18.204{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-027MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:14.758{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50037-false10.0.1.12-8000- 354300x8000000000000000239813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:15.141{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56626-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000239822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:19.669{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0D3729408650DE21CACE472DE5CC8AF,SHA256=5B1CA89F64BAA271277E01E44DAD620591F5A6CD96D61EDAC87152644BC2C6EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:19.500{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A35D4B362DECB786B4728FA1704EAF55,SHA256=F7369DFBB08C04B53D586003E90B5F36CEE6C4DB69B04BCDB67B24EDEADA3CB2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:16.886{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60794- 23542300x8000000000000000214032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:20.500{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B26F00560D1C0CE51596A18C82FE468,SHA256=8DA527117C59C56D347F9F947D68BDA61C8152AEDBDC2D1F86FBAAE0973F66AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:20.673{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DE7692B7E7C5373F764B93867972AE9,SHA256=E98BF0262429D735005B8491915669B73B5BC509C6FE178F47ABF64D35F8E3C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:21.500{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3005E42242B05EF911131548421E4E44,SHA256=C4B863A07371FE2C72E8CBCDBA08C6576ACFA3B00BD27DABFFFDCA81582CBAA1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.856{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.855{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.760{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.760{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.697{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E022E0C86398D10C2791D0A9CA65E03,SHA256=02D0934B505A9222AD02043B7DCA08111F67EACD5E6ADD12CB66EF9D246B2729,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.564{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.563{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.548{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.384{6EDEAD03-E420-615E-0601-00000000FD01}60165368C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.379{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.379{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 10341000x8000000000000000239826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.067{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f1b414|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2 10341000x8000000000000000239825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.066{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f1b414|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2 10341000x8000000000000000239824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.045{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 23542300x8000000000000000239838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:22.719{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F67F995329D811C1B283FAF29B96F1F,SHA256=7B54E82A97F5EA5F2074915F74A8FA5614F03C6F16EAD0AB3373D0327B5C5F90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:22.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AFC9E67353CA0B6C68DEB7A2DAB19EC,SHA256=FFE561C40B48D7CD32EDD9356A2978E6C2E56DF93DAAE00829A27704A6A6440A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:23.724{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2689926F2F672441D430BEB0ED3654CB,SHA256=207D6E645677649F86031462FD256E9B57889BB88F1779ED110AAF5434354D5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:23.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF8846FE97996D9DCBA1945EA34B7277,SHA256=B6707A8395531E0E66A96D2D928BB322C19CBECB56E7D2C4FA51CF7F64333D2B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:21.042{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56627-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000239839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:20.975{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57680- 354300x8000000000000000214035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:19.762{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50038-false10.0.1.12-8000- 23542300x8000000000000000239842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:24.728{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F96896AF38DF501F0F82F7A557E9B138,SHA256=0993B9A83DE620DCA75AB550BD991B2C96966F45AC0A1ECACA6B8BBC79FDB5FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214037Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:24.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D8E4A6BB5AF0DCBE99D60816F9B8ECD,SHA256=BB01BB27D1BB576726DF65A352FDAF9FE0172B5ACA270BE4A0F4E26DCA87A8CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:25.736{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05B59154134445F7F5368246D0EE70A6,SHA256=E7544FC5B029BF52EA63E75A379839B976148E5DB304FF5D1A00499298F6F870,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214038Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:25.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=095EAFBB91937D98FC86E1DC350DE9DE,SHA256=E451B61275199BC3B27E79A9A431515B88E30A26756379BB9F6A17B82EFDC132,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:26.743{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9124459459AF82981FD1311AF37A20A,SHA256=8A247418267C20181E98A3B1CC7F72AA3EFDFED367C86F6173AEC87E847B2366,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214039Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:26.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB7A3EEAA84B059A5C999566E6418A55,SHA256=124A3EFFBC7A4DAE9F886B63006DF9F644DA033EE05C7BDF498A64D21D13102B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:27.744{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52DA645F66115A2A38FB1386C083D0EE,SHA256=7FE569662056B04DCC1A33117EF88BE0A77928B13874CA107831D57BC2151663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214040Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:27.516{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=940565B46EE817BD110A0FC2C0AA0B5A,SHA256=4DD6DEA56C7018AE776F493FEF32AE7A0FE55263D5DCB25177DA64929FD20857,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:27.684{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-0F00-00000000FD01}304C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.749{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0ABF131B86E9E53A064189209C9B663F,SHA256=A661DB96043A75E18A9858D182933BEDBDCD32F98FF2427B84CBE7566DCC806E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214041Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:28.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=127AEA106145265B1E16ABCDF385AA14,SHA256=FDB19F3BC682826719A29B8A932996220FC2F8B6DB6F19FAF60910732BC2E2CB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.705{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000239849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.705{6EDEAD03-E412-615E-EE00-00000000FD01}49645072C:\Windows\Explorer.EXE{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF8018E0DB8A8)|UNKNOWN(FFFFFC203A2A5B48)|UNKNOWN(FFFFFC203A2A5CC7)|UNKNOWN(FFFFFC203A2A0351)|UNKNOWN(FFFFFC203A2A1D1A)|UNKNOWN(FFFFFC203A29FFD6)|UNKNOWN(FFFFF8018DDF3103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.705{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms~RF199fe0.TMPMD5=C58952CF47A40E878145002B738FDDA8,SHA256=5246515B04772B58453EE8E8C5C9C6E9F2B2DADF381EDC92D5E1CAA1130C1630,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:28.693{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776|C:\Program Files\Mozilla Firefox\xul.dll+b2400b 23542300x8000000000000000239857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.755{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A1A1769186E565E9C8997C5832B89F,SHA256=42A401FB8E94C68AEF3845482E4FF1D9A97402BD6D13B668AD9F112E187094EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214043Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:29.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB7BCB728EED3D4FD53FABF19A70073B,SHA256=84EB6F5F6A2B0DFECD7D64D8A29A62AE2381BA0C3B69DB9F810A32A762D0B57E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:26.917{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56628-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000239855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.358{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.358{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E410-615E-E300-00000000FD01}4332C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.358{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-0C00-00000000FD01}836C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:29.358{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1100-00000000FD01}424C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000214042Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:25.653{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50039-false10.0.1.12-8000- 23542300x8000000000000000239858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:30.756{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32636CD2A4034846DD2A6BF482BDA28B,SHA256=4AB6E509DFADE016DE05F0CA7A358CD5A3D1CA25DAA1A0C65D6DF604BF1B7686,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214044Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:30.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76C4FB0D247EA443576B98A2C22E602D,SHA256=86EF48CA6E52640441D5302E4F645794284A37E797E9F72898CFADC65D664695,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.761{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98F532EEFBFF5E2C700596793F8A9CA3,SHA256=0E9A291DA6B47AD743B2358EE8FAC0DB8FACE4A718D8A7D12BC0C61E95FACA01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214045Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:31.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CADF30A8E0911C84A12C73F868D892E3,SHA256=B1B67E8821E2AB42D876E7303EFB52C930127C29D7B92DCF1119FBD068661C7B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.661{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000239860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.300{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+f26720|C:\Program Files\Mozilla Firefox\xul.dll+f17b9b|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562 10341000x8000000000000000239859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.232{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f1b414|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2 23542300x8000000000000000239870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.980{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-journalMD5=2A3B00A4BA97DEB93EFFCD9FDA010E9A,SHA256=AFA98DD1F614BEFC1991E4104E5C86A188BAAA4B2410B6662C46B105C9E0FC20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.972{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-journalMD5=2F7717E2796DF675ACDC2A5A793F6549,SHA256=A9A4BE8DF183D06881588E55057BA3DA637955B7348C88102CCDF4823662EE3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.769{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD415E4DFF279497F2DC59563D526885,SHA256=8760CC43FAE52167689260C76BF8048E8C312AAA5E59A10021C5B5A9B6E13603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214046Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:32.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCEAF3D3F6365F7385EBE1D58EA8801A,SHA256=14F669F57AE6EB571700011E2BD2891CE5E87C3DCC2662398BF42B12700DD285,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.511{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000239866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:32.330{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.16.100499062C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000239865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:32.330{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.15.38966820C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000239864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.310{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0B01-00000000FD01}5880C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.298{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d7e4e7|C:\Program Files\Mozilla Firefox\xul.dll+3ea8a86|C:\Program Files\Mozilla Firefox\xul.dll+21dc6d0|C:\Program Files\Mozilla Firefox\xul.dll+911a3c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051|C:\Program Files\Mozilla Firefox\xul.dll+8e0e2e|C:\Program Files\Mozilla Firefox\xul.dll+8e018e|C:\Program Files\Mozilla Firefox\xul.dll+8ea0a7|C:\Program Files\Mozilla Firefox\xul.dll+8302aa|C:\Program Files\Mozilla Firefox\xul.dll+7ce177|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e 23542300x8000000000000000239894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.787{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=028B5A23AF77F428208A5B36FB9C14AB,SHA256=71E23112DBFEC65215D9BF7DBD48AE6D235637791114B0EF766796BA5A7BABAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214047Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:33.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C733C1A190EAC9C5D828DA8D6F58C114,SHA256=7987E409D2304F471366A65763D9C0E2BF0BF6AFE31FA4FC99C21762EE7322BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.412{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56634-false152.199.21.141-443https 354300x8000000000000000239892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.403{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56632-false152.199.21.141-443https 10341000x8000000000000000239891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.636{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.632{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+2655c0b|C:\Program Files\Mozilla Firefox\xul.dll+2648cf6|C:\Program Files\Mozilla Firefox\xul.dll+b382c0|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573 10341000x8000000000000000239889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.612{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b37716|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 10341000x8000000000000000239888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.608{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+2384158|C:\Program Files\Mozilla Firefox\xul.dll+225fc61|C:\Program Files\Mozilla Firefox\xul.dll+225bbca|C:\Program Files\Mozilla Firefox\xul.dll+2e03230|C:\Program Files\Mozilla Firefox\xul.dll+2e1cdda|C:\Program Files\Mozilla Firefox\xul.dll+2dfc569|C:\Program Files\Mozilla Firefox\xul.dll+2dfc285|C:\Program Files\Mozilla Firefox\xul.dll+2dfff2b|C:\Program Files\Mozilla Firefox\xul.dll+2e17fad|C:\Program Files\Mozilla Firefox\xul.dll+2e24278|C:\Program Files\Mozilla Firefox\xul.dll+2e23674|C:\Program Files\Mozilla Firefox\xul.dll+2e06dd0|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80 354300x8000000000000000239887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.374{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56631-false152.199.21.141-443https 354300x8000000000000000239886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.373{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50624- 354300x8000000000000000239885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.984{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56630-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000239884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.980{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56629-false104.244.42.129-443https 354300x8000000000000000239883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.958{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51534- 354300x8000000000000000239882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.954{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55955- 23542300x8000000000000000239881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.444{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\cache\caches.sqlite-journalMD5=1381C7533AC2D155DE2C684AC0AFBFF7,SHA256=8AACD1AF9C228812DAD9EE1856D6B8B39DFBF783E4F89590D955CE9C1E58E76D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.432{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\cache\caches.sqlite-journalMD5=391028B9971558CE275147C8CA325383,SHA256=708899B40F5B6AD273BFB76071F91E9DC3848E99A17C0599307325BC9C5FE6B5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.289{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.288{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.287{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.287{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.276{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.036{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.036{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.008{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-walMD5=32561EE994E6CD4EF0DEAB49FA88159C,SHA256=00A2FD3D2D67C404F241980504A4F528668EA8B6355756A00DF938B4E613E557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.000{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-shmMD5=CFCF329E8B51B908B33B188E4EA60550,SHA256=8D8359A50E43404388E30FC1DCEA99633C6CC281CF42E1CDB432B1FD30D7756A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.740{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56639-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000239917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.712{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-65456-true2001:500:12:0:0:0:0:d0dG.ROOT-SERVERS.NET53domain 23542300x8000000000000000239916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.830{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B186972717B0A71E36558282289CBC4D,SHA256=196598D4ACD52631BEC8D4E85B6C64CB66E09644B0533F7736748A69A5C491C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214049Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:34.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72701CF676991A2C90443917799333FA,SHA256=00E442766BA39522659330A34537AC5AD924D31067BDC8716C4BF6929247EBCB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.522{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.266{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53971- 354300x8000000000000000239913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.266{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-52410- 354300x8000000000000000239912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.239{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52410- 354300x8000000000000000239911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.231{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56637-false104.244.42.130-443https 354300x8000000000000000239910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.229{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56638-false104.244.42.130-443https 354300x8000000000000000239909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.202{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61457- 354300x8000000000000000239908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.154{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56636-false192.229.233.50-443https 354300x8000000000000000239907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.153{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53574- 354300x8000000000000000239906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.150{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53693- 10341000x8000000000000000239905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.087{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+accd49|C:\Program Files\Mozilla Firefox\xul.dll+aea1fa|C:\Program Files\Mozilla Firefox\xul.dll+a84ae9|C:\Program Files\Mozilla Firefox\xul.dll+aceff0|C:\Program Files\Mozilla Firefox\xul.dll+19834cf|C:\Program Files\Mozilla Firefox\xul.dll+198cf35|C:\Program Files\Mozilla Firefox\xul.dll+25aebfa|C:\Program Files\Mozilla Firefox\xul.dll+25c3a74|C:\Program Files\Mozilla Firefox\xul.dll+25ae57e|C:\Program Files\Mozilla Firefox\xul.dll+188b5ca|C:\Program Files\Mozilla Firefox\xul.dll+18888fd|C:\Program Files\Mozilla Firefox\xul.dll+1884327|C:\Program Files\Mozilla Firefox\xul.dll+1a8f46e|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+f2161d 22542200x8000000000000000239904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.223{6EDEAD03-E420-615E-0601-00000000FD01}6016tpop-api.twitter.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.218{6EDEAD03-E420-615E-0601-00000000FD01}6016tpop-api.twitter.com0104.244.42.2;104.244.42.66;104.244.42.194;104.244.42.130;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.217{6EDEAD03-E420-615E-0601-00000000FD01}6016api.twitter.com0type: 5 tpop-api.twitter.com;::ffff:104.244.42.130;::ffff:104.244.42.2;::ffff:104.244.42.66;::ffff:104.244.42.194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.164{6EDEAD03-E420-615E-0601-00000000FD01}6016cs672.wac.edgecastcdn.net02606:2800:134:fa2:1627:1fe:edb:1665;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.163{6EDEAD03-E420-615E-0601-00000000FD01}6016cs672.wac.edgecastcdn.net0192.229.233.50;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.386{6EDEAD03-E420-615E-0601-00000000FD01}6016cs510.wpc.edgecastcdn.net02606:2800:233:8173:898f:63b3:95c3:79d2;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:32.384{6EDEAD03-E420-615E-0601-00000000FD01}6016cs510.wpc.edgecastcdn.net0152.199.21.141;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.969{6EDEAD03-E420-615E-0601-00000000FD01}6016twitter.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.966{6EDEAD03-E420-615E-0601-00000000FD01}6016twitter.com0104.244.42.65;104.244.42.129;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:31.965{6EDEAD03-E420-615E-0601-00000000FD01}6016twitter.com0::ffff:104.244.42.129;::ffff:104.244.42.65;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000214048Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:30.715{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50040-false10.0.1.12-8000- 10341000x8000000000000000239951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.909{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.907{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.886{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.849{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.847{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.846{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214051Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:35.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AB014D71D4ADC202DA1E41FAFCD4F6D,SHA256=0E71C4072558E7CFA124F77F860A6E05C8D609F548AFB6AF9EB2571C2CCBDCA3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.824{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.824{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.823{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.800{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.800{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.770{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.514{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-026MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.376{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57328-false142.250.185.109fra16s49-in-f13.1e100.net443https 354300x8000000000000000239937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.325{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56643-false104.111.230.79a104-111-230-79.deploy.static.akamaitechnologies.com443https 354300x8000000000000000239936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.308{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57327- 354300x8000000000000000239935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.297{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54463- 354300x8000000000000000239934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.269{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-50291- 354300x8000000000000000239933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.264{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56642-false142.250.185.109fra16s49-in-f13.1e100.net443https 354300x8000000000000000239932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.262{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58741- 354300x8000000000000000239931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.258{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54463- 354300x8000000000000000239930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.257{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54906- 354300x8000000000000000239929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.242{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50291- 354300x8000000000000000239928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.027{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56641-false192.229.233.50-443https 10341000x8000000000000000239927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.493{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.492{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.489{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.487{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.421{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000239922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.956{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56640-false104.244.43.131-443https 354300x8000000000000000239921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.955{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52230- 354300x8000000000000000239920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:33.955{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53757- 10341000x8000000000000000239919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.202{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214050Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:35.048{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=B117169C9EF91E986735952D3B7B76FB,SHA256=B52D78BBB98438AEE50997E66F165CA5F5FD46FBE0568470F1CF4BD31C33DA5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214052Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:36.532{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2ADCB854AC229498809BCD6C97E77C59,SHA256=2BA25B6C47F675F5BACB40AEDFF0DE5B5C4131808A4712A7468A3F5C4A2E00AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000239988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.509{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-027MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000239987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.259{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54344- 354300x8000000000000000239986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.164{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56644-false104.244.42.129-443https 10341000x8000000000000000239985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.323{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.297{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.296{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.288{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.288{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.288{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.286{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000239978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.270{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB016E8A6713373A6AA412B4D6D45086,SHA256=485524B0C30BF60E0F06CA0E00CA6E1C7CC2C097090D0AEC7FE234355E2EF0D6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000239977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.267{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.261{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.259{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.258{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.258{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.258{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.089{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.072{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.070{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.069{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.069{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.059{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.059{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.059{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.059{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000239962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.274{6EDEAD03-E420-615E-0601-00000000FD01}6016accounts.google.com02a00:1450:4001:80f::200d;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.271{6EDEAD03-E420-615E-0601-00000000FD01}6016accounts.google.com0142.250.185.109;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.270{6EDEAD03-E420-615E-0601-00000000FD01}6016accounts.google.com0::ffff:142.250.185.109;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000239959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.046{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.046{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.040{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.040{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.019{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.019{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.007{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000239952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.007{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214053Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:37.548{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8F184265D23796510011898D4E7A04E,SHA256=0F9D6CACF6048A9C132B66A17D96D704489126B79F27FB8429931701DC111713,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.796{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.261{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55033- 354300x8000000000000000240012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.141{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-57701- 354300x8000000000000000240011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.117{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56650-false68.232.34.217-443https 354300x8000000000000000240010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.117{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56652-false68.232.34.217-443https 354300x8000000000000000240009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.117{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56651-false68.232.34.217-443https 354300x8000000000000000240008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.116{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56649-false68.232.34.217-443https 354300x8000000000000000240007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.116{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57701- 354300x8000000000000000240006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.115{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55119- 354300x8000000000000000240005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.054{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local65499-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.028{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56647-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.028{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56648-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000240002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.023{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59326- 23542300x8000000000000000240001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.291{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=184CDE978FC2D9E7C204C9F22A1A2715,SHA256=579CF9C031A136ADA34A6229591D08AD21CF52C66E43D62FDE92E0FC70E7EEED,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.951{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local56855-false142.250.185.67fra16s48-in-f3.1e100.net443https 354300x8000000000000000239999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.925{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56646-false142.250.185.67fra16s48-in-f3.1e100.net443https 354300x8000000000000000239998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.925{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56645-false142.250.185.67fra16s48-in-f3.1e100.net443https 354300x8000000000000000239997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.924{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56854- 354300x8000000000000000239996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.923{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52564- 354300x8000000000000000239995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.921{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61160- 23542300x8000000000000000239994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.127{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=007AEDD696B34CB4FB64655ADA6F3F29,SHA256=EB6147ED52755E379551775271813F3489FDB9509C130F812F4C9A608DE06F49,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000239993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.320{6EDEAD03-E420-615E-0601-00000000FD01}6016e2885.e9.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.317{6EDEAD03-E420-615E-0601-00000000FD01}6016e2885.e9.akamaiedge.net0104.111.230.79;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000239991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:34.315{6EDEAD03-E420-615E-0601-00000000FD01}6016appleid.cdn-apple.com0type: 5 appleid.cdn-apple.com.akadns.net;type: 5 appleid.cdn-apple.com.edgekey.net;type: 5 e2885.e9.akamaiedge.net;::ffff:104.111.230.79;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000239990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.789{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58339- 354300x8000000000000000239989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:35.763{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58339- 23542300x8000000000000000214054Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:38.548{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B796000C04C0521A286C030EE5AADB0,SHA256=1C7015BC4EF194C745D05234913FEDB59FE860F8F98B055DF3E3CCF22C11992F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:38.834{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=A3713456CE9EC5585A6BBB27F6CF6E4A,SHA256=DBEFE7D9F0BBD3841CEA5E493CBF90FA6F52C35C5A8C1F8B2584B0464B0B85F1,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000240018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.302{6EDEAD03-E420-615E-0601-00000000FD01}6016cs189.wpc.edgecastcdn.net02606:2800:233:1ab3:789:1032:20e3:21;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.124{6EDEAD03-E420-615E-0601-00000000FD01}6016cs189.wpc.edgecastcdn.net068.232.34.217;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:36.035{6EDEAD03-E420-615E-0601-00000000FD01}6016gstaticadssl.l.google.com0142.250.186.99;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:38.023{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05DBCAE31FD8845F4E4EE357A0A7653B,SHA256=6946FABC6CDA60463E8CDF68A8BCFCDB48DC01ED6AF90F7FB0181A6A1626B42A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214056Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:36.684{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50041-false10.0.1.12-8000- 23542300x8000000000000000214055Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:39.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CA0F337F0B9006BE1DF2324C6E47352,SHA256=C7D6129A62D4E8314FA78E51D76242C70E154D8EDF5C464AB3892D42C06DE4DF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.946{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-65456-true2001:7fd:0:0:0:0:0:1k.root-servers.net53domain 354300x8000000000000000240022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.925{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56653-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000240021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:37.269{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52260- 23542300x8000000000000000240020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:39.048{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5023C9E8F95A3E9E5DCA847A98557E8F,SHA256=F1BD9216D935C57FED150D41AF302BF86EB56E897F984A8DF200AA2C8804D347,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214057Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:40.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D949C049AF83EA094C243295987F801F,SHA256=CE31C192EC122505D0D4D8C6421DD4EC14EB9BB907BA9B2C58E5B01F853F2080,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:40.659{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:40.078{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F69F0DA319886D2E051CBC9962FFEDE1,SHA256=CA0D730C94F2EB71140BAFAFF9C21AB86D436C69B55A81AB720F9CCA453FE6AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:41.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=265C8A7017222B92E320236D04282FFD,SHA256=A022B85C33149B6BE53C5233EDE58564FAC43E1DA7D9603137A9E85C0456E622,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:40.545{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56654-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000240027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:41.603{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\indexMD5=810C0D5840D21C648BC7BF071A2AD351,SHA256=0708C8A01959BDD89EC22BA9DD684A9D8F46D63D477B3E2F13674E955CD9F4F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:41.082{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A79C77B808AF49D10F4324CDF86E4FB7,SHA256=FE2328D693BA2D037C53AD92FE73F440504C30F057756D64B3F445EAC02A935C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:42.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EB1AB28DBCFA7EA5071BD6CF3574660,SHA256=8AE15A645CD6790C1A25A27381A5F34DC4B688B5E236DB1854C465025871671F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:40.745{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-63282-true2001:500:2d:0:0:0:0:dd.root-servers.net53domain 23542300x8000000000000000240029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:42.089{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD87D36E82DA3C58502500543C345D46,SHA256=2F923EB2D6692A3B8CDA70094D29C8AB6D7AD1B494177B762E8D5CC4E884BF77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:43.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2C7D78D66F94C5B527AEFD43307988D,SHA256=F902C6EBF36BE4266FB02F7F886875F8AB4C32137453DE63D503724EE171DD44,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000240036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.551{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\serviceworker.txt2021-10-07 12:29:43.550 23542300x8000000000000000240035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.543{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-walMD5=1FA1114D8B52275E12FE6D6181EC2651,SHA256=7B1FCC08A70281999D23F9EF60FD0A72482174A7C12471CAF740D97732B31224,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.541{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=8CEEF0710E20DD3ABAF8F35EDB75A8F3,SHA256=6E18F8CE73201A638B0F42A5931D148619738AB823B47BD6CEEABB78E32EEA1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.524{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-journalMD5=EA410B8EA1BB58DA2C1E908AB1918EAE,SHA256=D4AE4F3C85CDDE94792204E234BBA785AA7D55A5BF6C1796362ED66DA34ACBFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.516{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-journalMD5=AFD4844819E7A53079EA7AA388DB6893,SHA256=B4208A139FEFA4C1F56B5E65B6E67A6E0C96B469A40D7DB2C00DA1C995BA4F29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.097{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=614B3F176DCB798B884788AFE1B29E94,SHA256=F44DC1C335E103C4899503AE1A6ECEC2FDE60FDAAA515AB5E17B8277E93A01FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:44.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9F87167847B31F7D72AA0963EF3BECA,SHA256=D3F91ACB68D8A962749A880274DAD919B1B8BF56F84F585CBFA9092B9F4BEBCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:44.107{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74FB9BC7767D197C7B9B09970A74F7DE,SHA256=08934826D26FCB9B046E21C970961E9A6E063DE0AC8D88480E0E039198A9960F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:45.908{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:45.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90C8155F7FEDD7B828347DC3CA2E7959,SHA256=DD801A5D5CD72A778C5D257F3EA261B81BC8FF5F6CE78143BAA2969B33899F3A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.353{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-64195-true2001:7fe:0:0:0:0:0:53i.root-servers.net53domain 354300x8000000000000000240040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:43.059{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56655-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:45.553{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\3619119340leogcaarlof.sqlite-shmMD5=B39BA3A126F80E4EB0BB6A5E80E406EF,SHA256=BA6EC91CE15F5B9FAECAEC7C2AF682CF253105C451AFE8C16E2833C90CB00B19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:45.112{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EC4482B57549EFAC4ED197748DBD735,SHA256=6908E25D002723A52302076AF125DAC1847A3286B8F3DF6941017CD4976E99C7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:42.622{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50042-false10.0.1.12-8000- 23542300x8000000000000000214064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:46.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A5481D4827419D0D606DFF265152ABD,SHA256=12DB23BD567221A2D852098213A5BABF2B641ED438F848A97D2D2D26EDA46E6C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.992{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.980{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.959{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.951{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.950{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.128{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDA7A6FBA97FF92BF717FC0E27D530BD,SHA256=61F80BDF889CAD2C93A2F7080B8C71468178CC45B7A1C3BAD94B6A3B26B44579,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:44.482{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50043-false10.0.1.12-8089- 23542300x8000000000000000214079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.564{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7421CF21EA3D8ADBEA00B8C051B13DBC,SHA256=852DAE153A5548A617DE61D4E9D9F53FD6170BA1AFBCE427345B78EB8198F573,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.950{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.121{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local53339-false216.58.212.142fra16s46-in-f14.1e100.net443https 354300x8000000000000000240087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.045{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56656-false216.58.212.142fra16s46-in-f14.1e100.net443https 354300x8000000000000000240086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.044{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56657-false216.58.212.142fra16s46-in-f14.1e100.net443https 354300x8000000000000000240085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.041{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53338- 354300x8000000000000000240084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.041{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53035- 10341000x8000000000000000240083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.709{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.705{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.705{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.704{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.703{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.703{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.700{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.699{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E412-615E-EE00-00000000FD01}4964C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F200-00000000FD01}2072C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E414-615E-F100-00000000FD01}4544C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.698{6EDEAD03-E1A0-615E-0D00-00000000FD01}892912C:\Windows\system32\svchost.exe{6EDEAD03-E1B1-615E-2A00-00000000FD01}2956C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.438{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.435{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.435{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.146{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E4CC9720F3C2336E69F4A8A82066CEC,SHA256=47BDA02B6C9DB8E77E25089F45B923F3722CE4D81A4789162254D54AC719A6BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83B-615E-5601-00000000FE01}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E83B-615E-5601-00000000FE01}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.345{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83B-615E-5601-00000000FE01}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.346{49C67628-E83B-615E-5601-00000000FE01}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.823{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.821{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.820{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.764{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.762{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.761{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.749{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.749{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.749{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.748{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.748{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.747{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.541{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3826ED82DF14A78E87773BA4C8BF60A,SHA256=08720261752D355B73E93159E79450793EFB04B4A8EE4D45B0AA2A4961F80BF9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83C-615E-5801-00000000FE01}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E83C-615E-5801-00000000FE01}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.923{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83C-615E-5801-00000000FE01}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.924{49C67628-E83C-615E-5801-00000000FE01}1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000214097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.689{49C67628-E83C-615E-5701-00000000FE01}18001236C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.568{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18FCEB3FE6D0F8ECE2CB1D4B99B485A5,SHA256=91069C1F18E9D9B99333243F490DA6CD550EF6A86275262FE002F7DC64A7FC93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.486{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83A356A02D21C575DF1A6F37F972DA6F,SHA256=677ACE7A200F599EBF83A4A1B72AE637098F4F1F006057AEE4B9A084BD255926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.486{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A94766C7F344D40220251F06AD119BDB,SHA256=DE7028060E572A262CCCEE19BCE6A166CD92DC654535A5DA522157F08142CBF8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83C-615E-5701-00000000FE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E83C-615E-5701-00000000FE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83C-615E-5701-00000000FE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.423{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:48.424{49C67628-E83C-615E-5701-00000000FE01}1800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x8000000000000000240092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.053{6EDEAD03-E420-615E-0601-00000000FD01}6016play.google.com02a00:1450:4001:82a::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.050{6EDEAD03-E420-615E-0601-00000000FD01}6016play.google.com0216.58.212.142;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:46.042{6EDEAD03-E420-615E-0601-00000000FD01}6016play.google.com0::ffff:216.58.212.142;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000214112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:49.924{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83A356A02D21C575DF1A6F37F972DA6F,SHA256=677ACE7A200F599EBF83A4A1B72AE637098F4F1F006057AEE4B9A084BD255926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:49.580{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6F720950034DDA8F6CCF47ADAF70797,SHA256=C9EED75C80130258E0830846E672CF42AC470D0BAC6BD029A08B54A7D5F09AC9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:48.118{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56658-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000240128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:47.459{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57034- 10341000x8000000000000000240127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.798{6EDEAD03-E1A0-615E-0D00-00000000FD01}8921424C:\Windows\system32\svchost.exe{6EDEAD03-E1A0-615E-1600-00000000FD01}1280C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.677{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.631{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.622{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.621{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.583{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.567{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50E0A4920BC966B302B2ACC0E92AF21C,SHA256=4A7FCF0B761DBE769B349A54C3DF7026D0B3EE69247ECFB64F6D66F4CBF0FDD5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.566{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.561{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.561{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.531{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.527{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.527{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.441{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.441{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.440{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.404{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:49.401{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:50.580{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56BAF5FDA1B91EE515033721CFEC218A,SHA256=E74F92854F57C0B2D6C164254C9845963A1E46A51EB7130A3521BDF8AD0E3E1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:50.575{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D7112CCD2A359981E9DD150319703CA,SHA256=E10169CAEA4DF55EF103D5B24367757A3242D7B9472220E497DEA4279F5DA00B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214143Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.942{49C67628-E83F-615E-5A01-00000000FE01}23163904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214142Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83F-615E-5A01-00000000FE01}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214141Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214140Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214139Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214138Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214137Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214136Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214135Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214134Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0500-00000000FE01}416432C:\Windows\system32\csrss.exe{49C67628-E83F-615E-5A01-00000000FE01}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214133Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214132Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214131Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.720{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83F-615E-5A01-00000000FE01}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214130Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.722{49C67628-E83F-615E-5A01-00000000FE01}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214129Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.580{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D43B22FBF8E315204EC0DF920AD952E7,SHA256=EBBF7C9D306E00E18EEF0C440B8441FFE1483492FE9DAEC94CFC8C54C858BFFC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.674{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.614{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.610{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.610{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.609{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BAEE6967A48A618A481521440CEE8F7,SHA256=F2E63E8511B3CB29445A21D5EFFE37BDF64F16E3F51C7B589E53ABF22B31404E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.594{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214128Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.267{49C67628-E83F-615E-5901-00000000FE01}3876960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E83F-615E-5901-00000000FE01}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E83F-615E-5901-00000000FE01}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.095{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E83F-615E-5901-00000000FE01}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:51.096{49C67628-E83F-615E-5901-00000000FE01}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000214114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:47.747{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50044-false10.0.1.12-8000- 10341000x8000000000000000240152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.584{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.580{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.580{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.570{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.546{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.542{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.541{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.504{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.497{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.494{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.481{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.481{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.480{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.480{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.407{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.384{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.383{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.383{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.374{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.317{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.317{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:51.302{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214159Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.720{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26FEB05DA48021EF4EB926BFC172B5E5,SHA256=973B28A204F7BD02FCBFA6E6D1A3424095E80F10FF149F91C6535DA5FEB4D066,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.639{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.634{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.634{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.607{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4250DAEC00922561C954B4BEFB9BEABB,SHA256=11576F52777CD55054D989A1C2BD5A0AF68C3EAEF516B697FF09B9B75A158E16,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214158Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.441{49C67628-E840-615E-5B01-00000000FE01}37921588C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214157Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4688173FDF284768D9153DE403F30B7F,SHA256=D9B1758B36923CAF8D5C5946CE36140A79F877E452863B03750BF767AE32C66E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214156Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E840-615E-5B01-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214155Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214154Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214153Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214152Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214151Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214150Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214149Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214148Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214147Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214146Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E840-615E-5B01-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214145Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.220{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E840-615E-5B01-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214144Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.221{49C67628-E840-615E-5B01-00000000FE01}3792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.449{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.445{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.388{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.080{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.054{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=49F54E3D24D1F2246EBB621E751EB314,SHA256=9217D9744A7AF1B8752F991A65196DDA70F07C7A8CBCEBF2E88A08EB3CD72A15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.053{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=D21262BA253C00564DAD3DCB85D0A774,SHA256=3DAE8D56CCB852B8192B9B269644DEF8AC3955E92EAA44E43B96256B3E9100F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.047{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\ls\data.sqlite-journalMD5=472BDE0EE5D6E54685AF1755BDCEC7B7,SHA256=70601E9BF0689B0B24A8C2B81568E12110513860363D77339C5D0D6CABF4E7FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.024{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\ls\data.sqlite-journalMD5=0B29BA8124E41396BE98742CE8C02C9E,SHA256=BC40BD26724D1F9DC4BDCB0D631B0605CA9D5DC48344B62FE8F5E67031EAB19A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.016{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\ls\data.sqlite-journalMD5=86186F7A6C4666D67F2B324E3FB8EBF1,SHA256=4F8705D882CB8774D92816CA60870B299077448385CB12409CB938A9B0C8C8EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:52.005{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\ls\data.sqlite-journalMD5=1E72A5797DCFD66476961A044A5F7574,SHA256=B7372922754A8D60F08ED07E072E489E88AB963615799C980C6F82932C11C419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214174Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.767{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10783E34036EE3E1736925222DA8E7F8,SHA256=E047041355C6E7E110F1BFCE78BF737F43DE36B3BBD5CCA66228DE1A18D3A3D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.906{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.905{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.905{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.904{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.756{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E42A-615E-1001-00000000FD01}6800C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.616{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7053E313D7C8FDC50E35C79576FCD646,SHA256=0334228C51B847CDA9836F875D5E5C3590011F1CEEF91244B82702C4852A525B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214173Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E841-615E-5C01-00000000FE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214172Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214171Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214170Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214169Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214168Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214167Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214166Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214165Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214164Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214163Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19C-615E-0500-00000000FE01}4161044C:\Windows\system32\csrss.exe{49C67628-E841-615E-5C01-00000000FE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214162Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.346{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E841-615E-5C01-00000000FE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214161Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.347{49C67628-E841-615E-5C01-00000000FE01}3864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214160Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:53.221{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EEBCD7936D8EAABCCCF87426EF03A2CF,SHA256=E8E06224F4DA6469AE2492F86A20DB57960F98FFBE548BE1DCB940E26D17BC02,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.421{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E425-615E-0901-00000000FD01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.410{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42A-615E-1001-00000000FD01}6800C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d8fb3f|C:\Program Files\Mozilla Firefox\xul.dll+d7e9d1|C:\Program Files\Mozilla Firefox\xul.dll+3ea8a86|C:\Program Files\Mozilla Firefox\xul.dll+21dc6d0|C:\Program Files\Mozilla Firefox\xul.dll+911a3c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8eb004|C:\Program Files\Mozilla Firefox\xul.dll+8ea1a3|C:\Program Files\Mozilla Firefox\xul.dll+8302aa|C:\Program Files\Mozilla Firefox\xul.dll+7ce177|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088 23542300x8000000000000000240215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.737{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84ACEE82BD29E9A028C0B2E920E7B64A,SHA256=B651632EDFBE9E99376BFD670BE0F5406F9F51362252A0EE0B59A0738392DBF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.725{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=305CA6CBE4A1491CA5860E424DF23A42,SHA256=874807B1FCBA0B04A664DA50943C3490311E978F4A3348E1DB2572E0A6B6EF32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214175Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:54.486{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=81FFE499B93A71A45C533D7A2D52B38B,SHA256=39D70F7CA1ED960E8FF6C42DA4436F4CB914EB9C7900F662E64504B03B4A3FAA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.469{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d80d70|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.469{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.469{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.469{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.468{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.468{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.468{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.467{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.466{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.466{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.466{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+979d46|C:\Program Files\Mozilla Firefox\xul.dll+d96e88|C:\Program Files\Mozilla Firefox\xul.dll+d80a1a|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000240197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.466{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+d80991|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.465{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+bc795|C:\Program Files\Mozilla Firefox\xul.dll+d80668|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.465{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9326bf|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+15c3436|C:\Program Files\Mozilla Firefox\xul.dll+192543c|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.457{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E40D-615E-DD00-00000000FD01}27722156C:\Windows\system32\csrss.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E420-615E-0601-00000000FD01}60165412C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f02d|C:\Program Files\Mozilla Firefox\firefox.exe+2e235|C:\Program Files\Mozilla Firefox\xul.dll+1efde1a|C:\Program Files\Mozilla Firefox\xul.dll+92e2ba|C:\Program Files\Mozilla Firefox\xul.dll+92c4c5|C:\Program Files\Mozilla Firefox\xul.dll+93347e|C:\Program Files\Mozilla Firefox\xul.dll+7da221|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.456{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe93.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6016.17.114453411\892842068" -childID 6 -isForBrowser -prefsHandle 8900 -prefMapHandle 2744 -prefsLen 11736 -prefMapSize 246975 -jsInit 1164 286204 -parentBuildID 20210927210923 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6016 "\\.\pipe\gecko-crash-server-pipe.6016" 9084 29069487f38 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332LowMD5=988976B1058A1DAE198C93A5688142FD,SHA256=28BE8E0485DBA68F6A4B37F6A68D7AE542B0DA00925A69EA12A4E7AA3B477EC6,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000240187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:54.446{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.17.11445341C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.349{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.348{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.337{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 354300x8000000000000000240183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:53.137{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56659-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:54.304{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\9288MD5=B09D947D755A0999703909579D395FCC,SHA256=B7F23C1C12EAA6085F4951D5B20690A205491C8AD50BBA6A14E6D56B81E91974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.759{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2095DBA1C9FC2C35554B62513F98BD8E,SHA256=2FF5412E04BBB8AE1D2EEBB1587346040D7CF1486443A8CA1670ABA1DE9DCB1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214176Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:55.017{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BB65388FB834932EE0B5A93E662A19A,SHA256=54841B7B6AD1297B9717222A7F60691D228E424FA9213A31C1B19AE4010CB941,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.727{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+9346c1|C:\Program Files\Mozilla Firefox\xul.dll+99921d|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.680{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.677{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.666{6EDEAD03-E19E-615E-0B00-00000000FD01}636760C:\Windows\system32\lsass.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.666{6EDEAD03-E19E-615E-0B00-00000000FD01}636760C:\Windows\system32\lsass.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.648{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+93bf17|C:\Program Files\Mozilla Firefox\xul.dll+986a39|C:\Program Files\Mozilla Firefox\xul.dll+d88048|C:\Program Files\Mozilla Firefox\xul.dll+193adae|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+1903b07|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000240227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:29:55.648{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-5C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000240226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:55.648{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-5C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.627{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:29:55.627{6EDEAD03-E423-615E-0801-00000000FD01}5392\chrome.6016.18.192690187C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.627{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+19253b7|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000240222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:29:55.627{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.18.192690187C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.625{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:29:55.623{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.17.11445341C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.622{6EDEAD03-E420-615E-0601-00000000FD01}60165416C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+12e9cb|C:\Program Files\Mozilla Firefox\xul.dll+115df2d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:29:55.621{6EDEAD03-E420-615E-0601-00000000FD01}6016\gecko-crash-server-pipe.6016C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.470{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98908E53FAB4E1677F44CAFFBD8E2BA8,SHA256=12AB4A6D365F6D8DFB6559194DAB46F190B2DEC0AEBA51D76551FB820C4F64E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:55.468{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=699791919FC6A2DBE0922230F60A3B61,SHA256=EEB803E90F31721341BAEDF03D6DC1A981A016ADDF91F067B5EB511A5EB68924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:56.765{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6D694598EE1515CA3866C3F526A2A29,SHA256=C7EA467EE4065F6943C18733BE8F27A36C5BF7737394A4F7DA9451577F9AD242,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214178Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:52.763{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50045-false10.0.1.12-8000- 23542300x8000000000000000214177Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:56.080{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3006305EFCF5AF5049F936670C39C81F,SHA256=47B8F51805B15247BD1096559F57974FB70E9FFFC9202A101F57E3B49A884088,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:57.770{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=227CD83563DE18D1DEAE964DC8FC2938,SHA256=76E011F3B883BC8AE3CBD8031AE82607BF7E4EADF93D268347A397E44A87B3FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214179Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:57.080{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BCD4CA44FA164BA904B5BCD6044E9AA,SHA256=D1FFBF4C4CA8E7F63B8CA8FDD86DE12DC40E862A11A645C2A5ABCDA890EF5A2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:58.778{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61BB004BC44FC1D3F26DE6CF9D66A598,SHA256=98CE192626DE011BF29DBA8953B47DCF0F87EE7CB88ED281CCE237262D48C1A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214180Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:58.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF5E23D76716FBC375680B7602F07B6D,SHA256=62CADD2F0923DBF8CB4506C5C0C91B0F4616C53C30BDDCC6F910D3D43DB738FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.782{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDFC815856411F38B1FF2CD5E9D052F1,SHA256=7C63C24981B821D3E0A9059863DE7FA92C8D6443E38CD3B2E9C444D647555550,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214181Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:59.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56EDEAD4B085EF0176E48080891777EE,SHA256=24675AFB4524D60450851357DCCAFA721D9533F7710203A4244754A4E0FABC11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.126{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=8D36103CE71180DC9BA1A2FD89027828,SHA256=CDD0C5823EECFC813FE2CA2BAE9C04A57E3529AD6DB98E0E8D258DBB3233A27A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.123{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=B1B08DB1F34CBC690FB59DBC39BBD937,SHA256=49465E4FB27AD759900541327414A7A7E33D94B4EAFB1C5D670957E129F79E84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.118{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=5623DE2F633C76968F578EBB7CE33AFB,SHA256=628CD85CA65B7D4985E31B667CAFA08D084CF3B975B55AA19A0C51D656EBDAF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.104{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\usageMD5=0C0D0B34923AE350984A5611E718E36E,SHA256=F4104708CB08A5952650EBE695C13673BF06244B42D88EEB77742C70236DE517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.792{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=474DCD79D34B9494EEF5FA538791070B,SHA256=5ADB9034CF0097953875F51824B8BD1C6915E8790D2E5B3C6D5E9E1616BC8871,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214182Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:00.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F12708A5C05D0334DD28232961A43882,SHA256=F32BBC494285BF67DC74473A12047E4C847FEF1E4F0220E5F7D9EE8AAF235102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.137{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B5B92A781D30815E92445DCF4C11F687,SHA256=6F7201AC37E5121FD86C3C9A415354593E8B690FAEF29CF05E6F71A3F6BF031D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.133{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=342CF41F166E1597BA75FC66576D8632,SHA256=A0B1EB89975F8B3245B2EE1078029D21EBADA4299FF7F31E986049BB857EE6C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.129{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=E346681D40DB5FB842CECF554C008356,SHA256=E9D46F933E6FB6A1586442CBCB0CAF645B447E7A9A1C83589C1468D89047AFEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.128{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C04B8CD8A1E35CA8127D28B111BBA389,SHA256=426921C5DDEDBA966B18D627A6E4B00F8DAB679337A4CDB43E1E19682362C90F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.126{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1EAA18B66E503F151205E2AF5DAB0484,SHA256=557491FA1C0F1F9861BCE430BF00A64CF670FBB610546124A2CA45CD45A14916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:00.122{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=6E6942E4CBB93D1AABF9CF56A5FEB176,SHA256=84655E628F8B0C153825B4517D4D7F89AC3A0A15A66C34D83715AA3D0E94E772,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:29:59.109{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56660-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:01.795{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE2BAC2AC95DF38A776568DC10DE4E71,SHA256=0D629B181BBF1912BC761DA19C004D757AF9EE760A63241323A659056FE6D1B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214184Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:29:57.763{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50046-false10.0.1.12-8000- 23542300x8000000000000000214183Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:01.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1835F2DEA47D448649C420BC411DDADF,SHA256=9B53C7885A721DCDD8159210744D0BE578DF54D207384080000653F10A4F7904,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:02.803{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB5AE3C898E89C8A932B9FDF1D6E9722,SHA256=DB9083C96D95E0E84CB6563E0A367F5BBFDF1E7EB62EFC085C1EC4C339414C56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214185Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:02.127{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9606B9028216917E19154E1BB928DA0,SHA256=18F3040F32416ED6D2DE8FC5138322A2FE80725AE08FD35240D92590AE1C8A6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:03.810{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E88E34A3C67F3D977038E47C6DE65B98,SHA256=3E432A1D4D43A22E1AC7D6A419D94A792D36E656935E745A3697C729CAD152EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214186Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:03.221{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01EFFB019045256C3C6AE222EB05CCD5,SHA256=60F65783532DB8784576C486C7BB1B2828B507F8286C704A3A67440E51CFC126,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:04.815{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA6BB1E30253662C5B4CD12AF6F38184,SHA256=1BF73CBA25C88025B840A36AD3E676EC27CC4D77A821A1671417FB2C2939A4DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214187Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:04.237{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4C8C8B25414185B09B2BDBFCDFBB7E9,SHA256=B7E473EC2C2EDE4F8201E4F4357FC03B274FF0E29296FE89C432A6D3BE0F634D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.823{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8563EA355DE5ECC688C19471ADFDE74,SHA256=0E8E54F5DE3868A87F880398047C957A25EC77896EBDFD50DB3859FB4E8A5EE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214188Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:05.330{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21EBE678B1AD2CE171DD3BF88357CB36,SHA256=9D903F84BC2374321220FA3FCA5ACFA46A475A517742CA9D7DD9B5CFA73EB5B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.466{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++twitter.com\idb\1046228012scyn.sqlite-shmMD5=BAC7FB7CD8822B0F927C470BD8F108DF,SHA256=907FFB85AED5E152A25D378E0C507185385E3D505BC7DDA4DDA149A700057032,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.143{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=49A577401103EED64B9C69431AFCA295,SHA256=11AEC24DBF9D2F021E66F92D71F544508ECAC9608E2778C30A9B81F0DF7AD62E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.142{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=5BCBE1124ED4FAE55D4F4A7DB898DDD1,SHA256=7DFDB330E2C24C4A1B66A3333DBB63E5047280EDDC592565F5F17901DEED9BD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.139{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4D4AB94834976C888977B8859A1B6590,SHA256=64B9E6DEDA3C958266B6491D7E61DB5040519026E67F8D2F7E7D279E28D4FF19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.136{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=492F5C3CEB71F2D1490B5FF9E501536A,SHA256=54FCDE23F0AB704E6418240A10C34E755BFC7BE49A57949A3756CCAD478C6D2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.133{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=17ECA1EB7D8E1A6FE9E14C93A3EB0279,SHA256=F5FB0ACE143C696468F4C01B4D7753C2DA19890A325D491C2629E459C7AE0C8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:05.131{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=78F2555E4AA4759704375BA0B76C23F8,SHA256=C380E8E38192E6343CDCDFFFF1566FCEEDC734774F2C86A690FABBDE4F6E64C0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.997{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E84E-615E-A701-00000000FD01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.984{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.984{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.984{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.983{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.983{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E84E-615E-A701-00000000FD01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.983{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E84E-615E-A701-00000000FD01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.984{6EDEAD03-E84E-615E-A701-00000000FD01}4292C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000240273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:04.979{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56661-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.835{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD4C28D84FE4389506804503A8ECFD3D,SHA256=C2ED3473B9BF45AD6E323E1775EA8A60BFEB5B17BFF55DF7753255BC2681AC4E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214190Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:03.700{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50047-false10.0.1.12-8000- 23542300x8000000000000000214189Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:06.377{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F1F4EF10EF9CE6DBD252E05C26C2D3A,SHA256=D5866CCAE9C7FDD24BFECDA91DE368CE590E3E38CE073C944473E8528256C6BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.423{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E84E-615E-A601-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.419{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.418{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.418{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.417{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E84E-615E-A601-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.417{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.417{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E84E-615E-A601-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.416{6EDEAD03-E84E-615E-A601-00000000FD01}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000240263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.362{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=CB1049DF4A20952F0F0628A873F8BA94,SHA256=89CE7B21087E60E41679B8FBE7914A591BA0B78AB8E3E1F8D97011778F977522,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.901{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AE880FA32EC826F94C8AC6E46D13215,SHA256=B31ADFADB5DE49E64DB3769EDB99F9FE8CAF90719C30C8C93D561FE1FA2E0C5C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.634{6EDEAD03-E1B1-615E-2B00-00000000FD01}2968C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56662-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000214191Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:07.440{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F2ECB4A3DF76BED6C9FCA2365A12BFD,SHA256=D3F96BFA329D000B456BF26668DC922D96CA7F241F45EC8CBD29D8FA7AC73AC8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.766{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E84F-615E-A801-00000000FD01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.762{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E84F-615E-A801-00000000FD01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.763{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.762{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.762{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E84F-615E-A801-00000000FD01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.762{6EDEAD03-E84F-615E-A801-00000000FD01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.522{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+b40b48|C:\Program Files\Mozilla Firefox\xul.dll+b40ead 10341000x8000000000000000240294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.522{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.520{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+2655c0b|C:\Program Files\Mozilla Firefox\xul.dll+2648cf6|C:\Program Files\Mozilla Firefox\xul.dll+b382c0|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2 10341000x8000000000000000240292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.520{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3e7fb|C:\Program Files\Mozilla Firefox\xul.dll+b375e2|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+b40b48|C:\Program Files\Mozilla Firefox\xul.dll+b40ead 10341000x8000000000000000240291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.512{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.504{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.504{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.500{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.498{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.498{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.492{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 23542300x8000000000000000240284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.440{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C034DF5394F0D20E7F1AFFE18A5EB1E5,SHA256=F8DCEF3B1BA2BA5EF87B9D48DB0CA8D7B56C92E31FC313B8A0CBB35D6D961617,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.438{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98908E53FAB4E1677F44CAFFBD8E2BA8,SHA256=12AB4A6D365F6D8DFB6559194DAB46F190B2DEC0AEBA51D76551FB820C4F64E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:07.271{6EDEAD03-E84E-615E-A701-00000000FD01}42926180C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.860{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC00C8FA4921C79CF40956E931CD92A5,SHA256=20314CE8991CB8EC71725F185A8B84F380F779842F5E260CD4B40105A5F8BF53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214192Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:08.487{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D22DE16856891863614F2C86B64D3DDA,SHA256=2706A21F90E13BEE2E3BFC1DE923DC34540CF894822657B315FB3723ECCEC726,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:06.634{6EDEAD03-E19E-615E-0B00-00000000FD01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56662-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000240307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.773{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C034DF5394F0D20E7F1AFFE18A5EB1E5,SHA256=F8DCEF3B1BA2BA5EF87B9D48DB0CA8D7B56C92E31FC313B8A0CBB35D6D961617,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.151{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000240331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.939{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.932{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.931{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 23542300x8000000000000000240328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.912{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF30064E859CFD285AA9FA64433B16E8,SHA256=A7E8AF6FBADBC214AF7A8E8E2C838DEACF36A96D10E0D8A50353633F9723D946,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214193Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:09.487{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A1089CD7970EBF572EE8BEE2B4669FE,SHA256=1C9651FED9F6F1B0E268CDD21D28B1D402CD9CB1B41577F18532EAF16E9B4C42,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.859{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.669{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-49976- 354300x8000000000000000240325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.516{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60112- 354300x8000000000000000240324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.492{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60112- 10341000x8000000000000000240323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.830{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.827{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.782{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E851-615E-A901-00000000FD01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.780{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.780{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E19E-615E-0500-00000000FD01}420536C:\Windows\system32\csrss.exe{6EDEAD03-E851-615E-A901-00000000FD01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E851-615E-A901-00000000FD01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.778{6EDEAD03-E851-615E-A901-00000000FD01}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 22542200x8000000000000000240313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.805{6EDEAD03-E420-615E-0601-00000000FD01}6016bunnyinside.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.651{6EDEAD03-E420-615E-0601-00000000FD01}6016bunnyinside.com0103.224.182.210;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.649{6EDEAD03-E420-615E-0601-00000000FD01}6016bunnyinside.com0::ffff:103.224.182.210;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.712{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000240368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.985{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B1B7725D7E5665ED523CCD78F1038AE,SHA256=B26BF14182B5140C1C18A26A6FFE2939B3D7235F120838FD064A7A3924E210FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.924{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E852-615E-AA01-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.922{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.922{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.921{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.921{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.921{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E852-615E-AA01-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.921{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E852-615E-AA01-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.920{6EDEAD03-E852-615E-AA01-00000000FD01}6556C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214194Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:10.487{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5383A89CAF8BD5F32E0ECEE50C0C45D,SHA256=833ADA7FBA394E3491E919E5F2FD8741650E6BEA2194C612A1471EF645470A1D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.740{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56668-false142.250.185.228fra16s53-in-f4.1e100.net443https 354300x8000000000000000240358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.732{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56667-false142.250.185.228fra16s53-in-f4.1e100.net443https 354300x8000000000000000240357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.707{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56666-false205.234.175.175vip1.G-anycast1.cachefly.net80http 354300x8000000000000000240356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.707{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56534- 354300x8000000000000000240355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.706{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60371- 354300x8000000000000000240354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.681{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51478- 354300x8000000000000000240353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.603{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56665-false142.250.185.228fra16s53-in-f4.1e100.net80http 354300x8000000000000000240352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.487{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56664-false64.190.63.136-80http 354300x8000000000000000240351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.481{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53148- 354300x8000000000000000240350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.325{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60576- 354300x8000000000000000240349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.299{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60576- 23542300x8000000000000000240348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.783{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4C5DE5AF28AA7053684AA80EFDFEF6BB,SHA256=581E9D5028C7DB82BBB4A1E06E68AEB933AC65C60A4007A762FBC1D9E83C34C1,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000240347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.043{6EDEAD03-E420-615E-0601-00000000FD01}6016afs.googleusercontent.com0type: 5 googlehosted.l.googleusercontent.com;::ffff:142.250.185.65;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.717{6EDEAD03-E420-615E-0601-00000000FD01}6016vip1.g5.cachefly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.715{6EDEAD03-E420-615E-0601-00000000FD01}6016vip1.g5.cachefly.net0205.234.175.175;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.712{6EDEAD03-E420-615E-0601-00000000FD01}6016img.sedoparking.com0type: 5 sedo.cachefly.net;type: 5 vip1.g5.cachefly.net;::ffff:205.234.175.175;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.491{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedoparking.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.489{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedoparking.com064.190.63.136;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:09.488{6EDEAD03-E420-615E-0601-00000000FD01}6016ww16.bunnyinside.com0type: 5 www.sedoparking.com;::ffff:64.190.63.136;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.323{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.310{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.304{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.272{6EDEAD03-E851-615E-A901-00000000FD01}41162224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.186{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.966{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local49965- 354300x8000000000000000240334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.966{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57616- 354300x8000000000000000240333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.963{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52300- 354300x8000000000000000240332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:08.790{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56663-false103.224.182.210lb-182-210.above.com443https 23542300x8000000000000000240395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.991{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=241B665C512D2CCE08AF57CD47AAD677,SHA256=19908E8192EB0C797DDE26C50483A13D70E2C7304A9A2A9E909DFC7E638BF2E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214195Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:11.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71B35441839A2EC93F1E19672DC47587,SHA256=7492132ADE6EA6F008E1E7DBBE3DC6660B1A3F2A9453EE9F9A20278EB5947E70,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.200{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56782- 354300x8000000000000000240393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.192{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51666- 354300x8000000000000000240392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.185{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50576- 354300x8000000000000000240391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.185{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56382- 22542200x8000000000000000240390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.209{6EDEAD03-E420-615E-0601-00000000FD01}6016sedo.com0104.16.4.91;104.16.5.91;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.208{6EDEAD03-E420-615E-0601-00000000FD01}6016sedo.com0::ffff:104.16.5.91;::ffff:104.16.4.91;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.200{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedo.com0104.16.5.91;104.16.4.91;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.199{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedo.com0::ffff:104.16.4.91;::ffff:104.16.5.91;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.051{6EDEAD03-E420-615E-0601-00000000FD01}6016googlehosted.l.googleusercontent.com02a00:1450:4001:80e::2001;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.049{6EDEAD03-E420-615E-0601-00000000FD01}6016googlehosted.l.googleusercontent.com0142.250.185.65;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.706{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E853-615E-AB01-00000000FD01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.703{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.703{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E19E-615E-0500-00000000FD01}420436C:\Windows\system32\csrss.exe{6EDEAD03-E853-615E-AB01-00000000FD01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E853-615E-AB01-00000000FD01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.702{6EDEAD03-E853-615E-AB01-00000000FD01}5760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.440{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.439{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.085{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56672-false142.250.186.67fra24s05-in-f3.1e100.net80http 354300x8000000000000000240373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.059{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56671-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000240372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.039{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56669-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000240371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.037{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56670-false142.250.185.65fra16s48-in-f1.1e100.net443https 354300x8000000000000000240370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.031{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52895- 10341000x8000000000000000240369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:11.252{6EDEAD03-E852-615E-AA01-00000000FD01}65566888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214196Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:12.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EC028B673342B7865A69FDB55647D25,SHA256=B2EF5F91029FF9A7EE11AD8C11E8D6FA10479C50F4D0A2568ED18CB24E9C7028,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.705{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59144- 354300x8000000000000000240409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.704{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60461- 22542200x8000000000000000240408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.215{6EDEAD03-E420-615E-0601-00000000FD01}6016www.sedo.com02606:4700::6810:55b;2606:4700::6810:45b;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:10.215{6EDEAD03-E420-615E-0601-00000000FD01}6016sedo.com02606:4700::6810:45b;2606:4700::6810:55b;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.483{6EDEAD03-E1B2-615E-3100-00000000FD01}30883108C:\Windows\system32\conhost.exe{6EDEAD03-E854-615E-AC01-00000000FD01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.482{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.482{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E19E-615E-0500-00000000FD01}4202412C:\Windows\system32\csrss.exe{6EDEAD03-E854-615E-AC01-00000000FD01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E1B0-615E-2800-00000000FD01}29042632C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-E854-615E-AC01-00000000FD01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.480{6EDEAD03-E854-615E-AC01-00000000FD01}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-E19E-615E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000240398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.095{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+93f6c9|C:\Program Files\Mozilla Firefox\xul.dll+93f5ea|C:\Program Files\Mozilla Firefox\xul.dll+93f1d9|C:\Program Files\Mozilla Firefox\xul.dll+93b2df|C:\Program Files\Mozilla Firefox\xul.dll+93b5ec|C:\Program Files\Mozilla Firefox\xul.dll+a8e26a|C:\Program Files\Mozilla Firefox\xul.dll+2ced09|C:\Program Files\Mozilla Firefox\xul.dll+2cec14|C:\Program Files\Mozilla Firefox\xul.dll+2ce9fd|C:\Program Files\Mozilla Firefox\xul.dll+2ce894|C:\Program Files\Mozilla Firefox\xul.dll+ab5763|C:\Program Files\Mozilla Firefox\xul.dll+ab60f1|C:\Program Files\Mozilla Firefox\xul.dll+ab545d|C:\Program Files\Mozilla Firefox\xul.dll+ab4662|C:\Program Files\Mozilla Firefox\xul.dll+adbd21|C:\Program Files\Mozilla Firefox\xul.dll+19842fd|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4 23542300x8000000000000000240397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.016{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7B1C9B34EFEED7ED7A13A1E5516B9D5,SHA256=76B429B0F585B3450F21EC7577AB91FA9D764AA19FFEBE9778B65564A0A0C15D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:12.008{6EDEAD03-E853-615E-AB01-00000000FD01}57605884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000214198Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:09.653{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50048-false10.0.1.12-8000- 23542300x8000000000000000214197Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:13.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5893913608B767F862342D43DC613C55,SHA256=541980242A00C9E5E944714BC04196722AEF9285D2F6E92393DFFB2A2314048F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:13.491{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D4BCCE4CCA2F6384B045EA08E6A06801,SHA256=CF491923509B7AB86318FC5A63A050AE067AAF72CFE24F15FA93C304787A98B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:13.003{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02463DE63D7F81C2277A22B4C3A1E10C,SHA256=375995B7D0683E936A1BA39B2AE52D9B87D3AB1DAECE928BFEFF9159BECEEF63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214199Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:14.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=702869A5064E895420CD34E81AF225F1,SHA256=9C4BFE479CA1B11D399EC7B915F41FB42613927F4E99C945B23F92D71789178A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:14.008{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D70BACBD78C4F0CB731CC6BFF7F5C708,SHA256=94E17E96ABDA6244DA536627A6F5C3122E6D0EFC2B31DF7F22EE4AE430CF8759,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214200Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:15.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC4CF430EDFF85F5A0231F036D37797F,SHA256=E31EBB027B147DF0032369957F3E525B3C188003A67F89F6FFBA5F1B516C54B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.709{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000240419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:15.228{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.19.151342498C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.224{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+ae56a1|C:\Program Files\Mozilla Firefox\xul.dll+3065d1|C:\Program Files\Mozilla Firefox\xul.dll+efca65|C:\Program Files\Mozilla Firefox\xul.dll+b357f4|C:\Program Files\Mozilla Firefox\xul.dll+305edd|C:\Program Files\Mozilla Firefox\xul.dll+38c97b|C:\Program Files\Mozilla Firefox\xul.dll+38c17d|C:\Program Files\Mozilla Firefox\xul.dll+b1ff5a|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c 10341000x8000000000000000240417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.222{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+efc332|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f 10341000x8000000000000000240416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.182{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E42A-615E-1001-00000000FD01}6800C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d94757|C:\Program Files\Mozilla Firefox\xul.dll+7e80d9|C:\Program Files\Mozilla Firefox\xul.dll+7dbef1|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.179{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+efc249|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e56b54 23542300x8000000000000000240414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.011{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CC5FF1657F35FC5E770934769DD9499,SHA256=839D23378BCAE4DE211762C31DF6A6981E35EB6DB93E675CB55B942BF31D0C45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214201Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:16.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201AD4889521C2254803D93111C458B7,SHA256=ECF0F9E52676C1EDFB602E31B61BE8A50F5A5B83CFDAD6EDD77DEE053F922BC0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.132{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local56673-false35.227.207.240240.207.227.35.bc.googleusercontent.com443https 354300x8000000000000000240422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:15.128{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54413- 23542300x8000000000000000240421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:16.017{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CF9C1F49B3987F7F7866B66AD704769,SHA256=4DAD3DD3ED2D57435E052F62C26F986C3C59C7CBC7AD97039924ECCB79B0514C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214202Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:17.596{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=977B6D09D1E3BB22EAF5C04C7571804C,SHA256=D3EA9B894B817A215DC90D56FF46E391095020DDAD06C556432644210B4D111D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:16.027{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56674-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:17.022{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51EA9363A597B93772C41DE0C5D732E0,SHA256=4E22BC3A9F3A3A438DE3E29E6F15378CD134FD157DF69DB8E216DFD3BADF0DF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214204Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:18.726{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211007120136-027MD5=9D4F391515175B78F973C8B5B774DE70,SHA256=E6B13D39A78F2A37A848863A5E3913D5FD4B55347F92E521523460DA93139266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214203Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:18.598{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45AF7727675456708C053DE5A004E412,SHA256=217236E69D8F7642C2D173489F1F3DB85760325A90C066C068327FD5D67AB44E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:18.030{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5018CD091E039EC486650AE4926A48F,SHA256=DB2F242291C44EB2862356CA0F1D794B115381777CEE6D35EAA67D78F856D705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214207Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:19.727{49C67628-E19D-615E-1A00-00000000FE01}1804NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211007120134-028MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214206Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:19.664{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9439197F96145143F289C391D388CCD7,SHA256=E616259967333EAE07D54C8D2DCFC718B3D39F158C951CD65C9D777B4C913BFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:19.031{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DBC75396E316EF2BDAFD4912F6E04E2,SHA256=328D98893361643345FDB1941BF815039817ED936DF9F38E460C9458E7999618,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214205Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:15.622{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50049-false10.0.1.12-8000- 23542300x8000000000000000214208Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:20.757{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B97BD9C4556F2E2D8F9A4F9266B1CB7,SHA256=628DBC8BB3B72CF7B70A942750175F49322E19C74624B23E61FB91D282AF1156,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:20.035{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF3A4377DFA0F7CBDC4519D7FE49ACA9,SHA256=5EF6A426CE1033919743CB9B46A5BC4EA1BAA55285E50D99AC9A4E15097B5E4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214209Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:21.804{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3754CEAB25C235FF10B77A3B94766166,SHA256=BD8706CFA0E0BC0E8244F677F79CA725251A5E164D072E1010CC4721FE90E7E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.161{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1F8E283FA9B034C620825925BF9D5D72,SHA256=820A28A7906B8438609F88CFAFF906866E64358E89A2BF37F4138D74F2379E83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.161{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=86502FEEF5AFFE1B43631DFABDCEE172,SHA256=667E134684746C9FCED44F6E132B163811812A7DAAC6077FEAEB54E0F9B14B15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.158{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=DC1D1F487B90716CF7922E5C4DB5C72B,SHA256=F68466B02502EE20F83A50672692345D52CF63FF29BD5A52720896D0EA407872,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.158{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=E614E9428876929D95ADCDD4AE46B47D,SHA256=31EEAEAEBACFFE1E00D7DFD4AB0F1176FCD7DFC2B2DA18ABC1BC4231CCC16216,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.152{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=FC9E97E9F0B0626BA05332EE1A8BC23C,SHA256=4899E17AC5042ADF94C9938A085CFD05A8A6BCD6E6A4FC2A1C732D68D484B58D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.040{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA7EA0B580E14CF10DB6F3FE52C54352,SHA256=D08E4D77191ACD11F9D71A3A4A066154729C847122DBA9987665C40251CDC586,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214210Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:22.820{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF42B3B7369978EB4CCA5D0168DB6CB6,SHA256=E5129F458FE047D9090DB07CB7E19D3159E8DB2886189BE00981E0CEA5456369,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:22.056{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F724574CBC6AB0590D74B5E0243D64FC,SHA256=33A2D367A32ABE482E3E1C1BEE59B808C12AE4E48EC81AA083A4B6689D85EA75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214212Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:23.882{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EBFE47B956BFA5D5FA2DDB5BDC082B1,SHA256=7A1594F7E68532CA88E0F59C4E206BAF4B91EEE7F69C6F29BDFD4A0745730B3A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:21.921{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56675-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000240438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:23.437{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+1925623|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000240437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:23.437{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.20.100770009C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:23.060{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=808504FC0442AA8ECBFA014F411769CC,SHA256=3991D9BAC1DBE428D1AFBF48CC9AD62CA33E42AAB4AC6B68E4BF18D12B134E11,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214211Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:20.721{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50050-false10.0.1.12-8000- 23542300x8000000000000000214213Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:24.914{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FFBA2AA1C143F636CF2978F06005CBB,SHA256=D29030311EC5887E53FE7851476A4D7468BBCF44367403EB967CBB3263777467,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:24.077{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38B4B29462C426ACB832D2D04864B026,SHA256=9AE69EE594FD7EFEDE75E01545ACAFA25A9C61DA8752BF4CF47CA8B886CF6CC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214214Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:25.945{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64471A7A5540281C8B00CA8B41923EB4,SHA256=9486D2C50C4C66D9AC7BB1696B567C734BA5D815244719ADF3C88DCE6C007403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:25.079{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0694D8DB1200CE3FCD238D67877EFA7A,SHA256=CAE2DAF17C141638A044C1B5667116C93306630BF3C5D330C556DD3C2C2FF647,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214215Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:26.945{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83BA7665FAECCDAB9BF8CA7745DDF669,SHA256=16D3319283C9049382CEBE26371C5E32BC63564EF68A1E84A802CD229D7113AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:26.693{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=F7286884BAA0CCCB5C3114A6CFAEE9AD,SHA256=37CF0FC608DB2D92C3E1201E6E7D4058C72DE26732CEE5CC974BD6E67354C299,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:26.083{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D5F25C06B7B65B1B19CCC9FA4B0E795,SHA256=9FF57CA52E13D66FF5F711423C25BC54959F00EB7423DC7658C13817F4C1FB34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214216Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:27.992{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C75353F671637F674B11432BF52D3C82,SHA256=FAB06AB94E8B4414F47F8AF18C683A66AD8FE2BE95FF950F7BE40B7A7F1FD2B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:27.088{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=336AC45A1C0D157B1603A34BAC7EC5D8,SHA256=D3A90882ECC5DB8E4D2E07E924F0600D9AAA0D728C03393CDE5B95FD848F942E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:26.928{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56676-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:28.095{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=105C8412F36A5BA9D9BFE762874A3CE5,SHA256=631C6A4E1356FFB9B6AC044616AD76E0FC346A5F44C287BEFA34509C381AE61E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214217Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:25.768{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50051-false10.0.1.12-8000- 354300x8000000000000000240457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:28.285{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54128- 354300x8000000000000000240456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:28.283{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50586- 10341000x8000000000000000240455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.598{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+b3ed70|C:\Program Files\Mozilla Firefox\xul.dll+b3e6ed|C:\Program Files\Mozilla Firefox\xul.dll+b377b4|C:\Program Files\Mozilla Firefox\xul.dll+b3cbe8|C:\Program Files\Mozilla Firefox\xul.dll+b3d361|C:\Program Files\Mozilla Firefox\xul.dll+389961|C:\Program Files\Mozilla Firefox\xul.dll+b3e119|C:\Program Files\Mozilla Firefox\xul.dll+b410d2|C:\Program Files\Mozilla Firefox\xul.dll+b3db36|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b1e573|C:\Program Files\Mozilla Firefox\xul.dll+b1d776 23542300x8000000000000000240454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.462{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\18003MD5=03071471281C0F922BA3B57CF7B343DC,SHA256=9D089EB2A862AD89CE999B0B37ACEE78C081D5ED8EB625C99F711E812C9D1FBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.456{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\30933MD5=A7AFE1E174873EA76CAF91F334C7EEAB,SHA256=E3E7233DAFB8BA1C859A1E88C9718ED4E2AB64A606DF93C064AF572868037DE4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.454{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.450{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.450{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.324{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.112{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4DB0AF68B426038DD4CF2AC12596545,SHA256=53AF8FB06EB7471BA817C3C2BEBC2F70C3EFC2EF8883EE5603D8C72CDDEF1C20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214218Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:29.023{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26FB70F29DA4EC5FDBE64A20EB983D7F,SHA256=0D2826E3FA5F3146DDEEC940B6D8971DC48CA667D6B2915B693EA79E4F341CF1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.057{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E842-615E-A501-00000000FD01}4196C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d8fb3f|C:\Program Files\Mozilla Firefox\xul.dll+d7e9d1|C:\Program Files\Mozilla Firefox\xul.dll+3ea8a86|C:\Program Files\Mozilla Firefox\xul.dll+21dc6d0|C:\Program Files\Mozilla Firefox\xul.dll+911a3c|C:\Program Files\Mozilla Firefox\xul.dll+8d6c51|C:\Program Files\Mozilla Firefox\xul.dll+19876d|C:\Program Files\Mozilla Firefox\xul.dll+914c17|C:\Program Files\Mozilla Firefox\xul.dll+8df324|C:\Program Files\Mozilla Firefox\xul.dll+8e2051|C:\Program Files\Mozilla Firefox\xul.dll+8e0e2e|C:\Program Files\Mozilla Firefox\xul.dll+8e018e|C:\Program Files\Mozilla Firefox\xul.dll+8ea0a7|C:\Program Files\Mozilla Firefox\xul.dll+8302aa|C:\Program Files\Mozilla Firefox\xul.dll+7ce177|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f 23542300x8000000000000000214219Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:30.227{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFC7406B4D206F091A41D74392713783,SHA256=F38EA19EE51375B3268183A2575D78A44575091A65DCCAE702F4B685FB842A3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.531{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local52047- 354300x8000000000000000240506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.526{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50602- 354300x8000000000000000240505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.497{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50022- 354300x8000000000000000240504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.484{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60259- 23542300x8000000000000000240503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.444{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A48B470B22E0328C23595891C17A131,SHA256=B66984530B8045592940979B71897A125ECEDFAC66BA1E22C1B3A70462B87D95,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.307{6EDEAD03-E420-615E-0601-00000000FD01}60165464C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+9346c1|C:\Program Files\Mozilla Firefox\xul.dll+99921d|C:\Program Files\Mozilla Firefox\xul.dll+c9cf1|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+16a44c5|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d0782|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.283{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.283{6EDEAD03-E1A0-615E-1100-00000000FD01}4241548C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.268{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.268{6EDEAD03-E19E-615E-0B00-00000000FD01}636800C:\Windows\system32\lsass.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.253{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+978ae8|C:\Program Files\Mozilla Firefox\xul.dll+93bf17|C:\Program Files\Mozilla Firefox\xul.dll+986a39|C:\Program Files\Mozilla Firefox\xul.dll+d88048|C:\Program Files\Mozilla Firefox\xul.dll+193adae|C:\Program Files\Mozilla Firefox\xul.dll+192e892|C:\Program Files\Mozilla Firefox\xul.dll+1903b07|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000240496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:30:30.253{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-6C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000240495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:30.253{6EDEAD03-E420-615E-0601-00000000FD01}6016\cubeb-pipe-6016-6C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.240{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:30:30.238{6EDEAD03-E423-615E-0801-00000000FD01}5392\chrome.6016.22.112636241C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.238{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+1b066c|C:\Program Files\Mozilla Firefox\xul.dll+93e6a6|C:\Program Files\Mozilla Firefox\xul.dll+9391cf|C:\Program Files\Mozilla Firefox\xul.dll+1926c83|C:\Program Files\Mozilla Firefox\xul.dll+19253b7|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000240491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:30.238{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.22.112636241C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.237{6EDEAD03-E1A0-615E-1600-00000000FD01}12801332C:\Windows\system32\svchost.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:30:30.236{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.21.83225338C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000240488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.234{6EDEAD03-E420-615E-0601-00000000FD01}60165416C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+12e9cb|C:\Program Files\Mozilla Firefox\xul.dll+115df2d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000240487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-07 12:30:30.234{6EDEAD03-E420-615E-0601-00000000FD01}6016\gecko-crash-server-pipe.6016C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000240486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:28.985{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56207- 23542300x8000000000000000240485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.149{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64AE7A3A5985718F07F3835B16B28C39,SHA256=F14C845C200C6FC4737AECAABFE9DB9B983837517466DBF9F3FA613FC3DADFB6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.132{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2ee50|C:\Program Files\Mozilla Firefox\xul.dll+d94d2e|C:\Program Files\Mozilla Firefox\xul.dll+d8f0d9|C:\Program Files\Mozilla Firefox\xul.dll+d80d70|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.132{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.132{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.132{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.130{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.130{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.129{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+985b3d|C:\Program Files\Mozilla Firefox\xul.dll+979caa|C:\Program Files\Mozilla Firefox\xul.dll+979b04|C:\Program Files\Mozilla Firefox\xul.dll+81818e|C:\Program Files\Mozilla Firefox\xul.dll+d80a7e|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad 10341000x8000000000000000240469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.128{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+92bb4f|C:\Program Files\Mozilla Firefox\xul.dll+979d46|C:\Program Files\Mozilla Firefox\xul.dll+d96e88|C:\Program Files\Mozilla Firefox\xul.dll+d80a1a|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000240468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.126{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+d80991|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.126{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+bc795|C:\Program Files\Mozilla Firefox\xul.dll+d80668|C:\Program Files\Mozilla Firefox\xul.dll+34b6684|C:\Program Files\Mozilla Firefox\xul.dll+34b65f0|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1c56|C:\Program Files\Mozilla Firefox\xul.dll+192fbad|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.126{6EDEAD03-E420-615E-0601-00000000FD01}60165236C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+9326bf|C:\Program Files\Mozilla Firefox\xul.dll+7a01b4|C:\Program Files\Mozilla Firefox\xul.dll+15c3436|C:\Program Files\Mozilla Firefox\xul.dll+192543c|C:\Program Files\Mozilla Firefox\xul.dll+13765|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+13348|C:\Program Files\Mozilla Firefox\xul.dll+91b9c1|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E40D-615E-DD00-00000000FD01}27725988C:\Windows\system32\csrss.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000240461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E1A0-615E-0C00-00000000FD01}836512C:\Windows\system32\svchost.exe{6EDEAD03-E1B0-615E-2300-00000000FD01}2752C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.105{6EDEAD03-E420-615E-0601-00000000FD01}60165412C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f02d|C:\Program Files\Mozilla Firefox\firefox.exe+2e235|C:\Program Files\Mozilla Firefox\xul.dll+1efde1a|C:\Program Files\Mozilla Firefox\xul.dll+92e2ba|C:\Program Files\Mozilla Firefox\xul.dll+92c4c5|C:\Program Files\Mozilla Firefox\xul.dll+93347e|C:\Program Files\Mozilla Firefox\xul.dll+7da221|C:\Program Files\Mozilla Firefox\xul.dll+15d2363|C:\Program Files\Mozilla Firefox\xul.dll+15d084a|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+7dd137|C:\Program Files\Mozilla Firefox\nss3.dll+75ddd|C:\Program Files\Mozilla Firefox\nss3.dll+8c691|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000240459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:30.106{6EDEAD03-E866-615E-AD01-00000000FD01}6328C:\Program Files\Mozilla Firefox\firefox.exe93.0FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6016.21.832253384\733986404" -childID 7 -isForBrowser -prefsHandle 5088 -prefMapHandle 2188 -prefsLen 11823 -prefMapSize 246975 -jsInit 1164 286204 -parentBuildID 20210927210923 -appdir "C:\Program Files\Mozilla Firefox\browser" - 6016 "\\.\pipe\gecko-crash-server-pipe.6016" 1888 29069488338 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-E40F-615E-3361-0B0000000000}0xb61332LowMD5=988976B1058A1DAE198C93A5688142FD,SHA256=28BE8E0485DBA68F6A4B37F6A68D7AE542B0DA00925A69EA12A4E7AA3B477EC6,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000240458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-07 12:30:30.078{6EDEAD03-E420-615E-0601-00000000FD01}6016\chrome.6016.21.83225338C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000214220Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:31.352{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B18379900A18DA20318520602E115963,SHA256=6C3D0E58031D54FBF067120CE6730B638137DA6D4D4C4A3FA8343C8EF7913F13,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000240512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.507{6EDEAD03-E420-615E-0601-00000000FD01}6016analytics-collector-28944298.us-east-1.elb.amazonaws.com034.230.149.116;23.21.66.55;54.84.193.129;54.209.192.22;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:29.505{6EDEAD03-E420-615E-0601-00000000FD01}6016collector.githubapp.com0type: 5 analytics-collector-28944298.us-east-1.elb.amazonaws.com;::ffff:54.209.192.22;::ffff:34.230.149.116;::ffff:23.21.66.55;::ffff:54.84.193.129;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:31.145{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F0D0699CD0D7FECE574C76885D93DD4,SHA256=BE6B3B8054C6643F956B7E21D1ECBEC487070F7CC2A82284817535FB3022F17D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:31.111{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0EF63F9702868B26488182064EE76C18,SHA256=DB0FFFB4745D5D3C601A4D642D0F660B41B7EEF1409F4E28CD268F108BD6E29E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:31.109{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2B253402314F29DF0E6D4C1BF1A95778,SHA256=FC56008D318C24A0EF270FA4F5E500006448DA4A16B99E520FBC680D3970ED51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214221Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:32.367{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4654A7858F22D2C8DAE5FF9E55BEF59A,SHA256=A44AE52AC5FBCB3C20A8F8044716F62872C4B073E026E8EE88990BD4A7C3DE09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:32.152{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8726D10A71C6A2FAB433C8E9C55446C1,SHA256=49B779C03DEBD708301E352A0D81CBC7B50EC15D88D10C072993D87A531222EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214222Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:33.508{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11DC01AB344DCF53DDAC4AEC0921AC94,SHA256=35D499630CC04DEDD96229FC9AA2D15D491A8C9EBF4092A1E39284D9649D120A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:33.910{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:33.910{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:33.153{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D53B46E047AFC35A374F0BDDBAD37F0,SHA256=7CD5168638A421725F207018021B8A18F1548F2248785C66998A356ACC549899,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214223Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:34.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08E69222E664EB81BE92A4A8F37741CA,SHA256=581C408B9166B6538D57958079A985664A1BF18B7CAE5644A46F6B5525C13CAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.635{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=48860F9F489992EF8BE92F56495A493C,SHA256=7C97219D42E9D468227EC4CFA95BBE26FCDE4914ABCE31664A0B14590784B832,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.632{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=EB2398907E9FAA046D2EC40208598FB7,SHA256=D2F9AED214ABA9C09ADCE1D90C97488C0EBF23ABC94BCB8B5B6DE0682B771DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.626{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\data.sqlite-journalMD5=29CA6ED7F8AB34C216467B4A66EFFF97,SHA256=C0EF41CBE3C4E49E2D2551727994A4630C4220C575DE8C0D47E14BF7F559F249,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.614{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++github.com\ls\usageMD5=0C0D0B34923AE350984A5611E718E36E,SHA256=F4104708CB08A5952650EBE695C13673BF06244B42D88EEB77742C70236DE517,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:31.966{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56677-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.158{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DDE1F8270262AE4B64214AFAF0113A6,SHA256=186E7ACC28B321EFB255450DABB706244F78D77E4608AF330F4F4116FF77C94D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.100{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:34.100{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214226Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:35.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A3FE6C4BB6FDC4DC77F06D6F6705DBE,SHA256=1A0468C7F2512336AD45C8B1D3AF7B4A12DC6FB00B9E64DFF801A0B01BE3107A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:35.167{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28FBC313D92020168271CCFC9C0560F4,SHA256=D0A323A247033303FFA0FBA159DC802E7A2750DCAC44D1AA5D1B5CFCF454FC99,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214225Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:31.580{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50052-false10.0.1.12-8000- 23542300x8000000000000000214224Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:35.055{49C67628-E19D-615E-1200-00000000FE01}980NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=5EDD1496656655FB85AC4E419D8949A3,SHA256=F51D85A26728D64CB792CDE8F28A8440B5DB4B3FA2C66C3E6017A4B789FBB667,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214227Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:36.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31ED5454569C772565972D158EB9D14E,SHA256=EB3BA052E62936C28D359CD08FF4C07C40A58C32D7B828D0DC41EAD9EA031A0E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.989{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.767{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=06ADB0144E811883BD86427627596A87,SHA256=4BE2D5F48019A564769BBC7D5D0576C86F7A3290055EFFD36507D15C63BD274E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.182{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C68763E87BE81A2CC74A3C09C1866161,SHA256=BED025613713A7E115640F565FF30BD0B94C2AB74F8DED50AE927096AA38E71E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.170{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.170{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214228Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:37.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E42359651115686F71C74C41AC1FD63E,SHA256=66CDA6C513537EA934D01D4FE3DE8F121AA01E9553E5480CAB54650CEAABC93A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.189{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E11102ADA7D637956721F1C8117F00,SHA256=AC00E96D690709BB7B326093EFF5DDA72FF18877ADB66B41A90B50710C5A9408,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.129{6EDEAD03-E1A0-615E-1000-00000000FD01}372NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=8DC5836FB02C75CF1F7A520D22B7637B,SHA256=9F719894ABFAB94650A0C5A8853BF1EFC70F6A6EA938C5414FA9BAB23DBACCD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.024{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211007120155-027MD5=CF99E2CB113D8D2DCF43ED5FD96B633A,SHA256=1FA348E6AF774F9DE3BF8065B0725E0F0BD5741AF42D4AB3E9893B22D98D3DA4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.007{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:36.989{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000214229Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:38.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC2FF6479931722D43C8D6DF850FD269,SHA256=4DADCC81500FAA4ABB375032175DEA8DCA0CAFFAF53D39FEC9C89F72344FAAC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:38.215{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A3043A0A37BB3E6D267F4395E4EC797,SHA256=18B4004FFF325681C1B2112BE6EBCA22B2B06C2A0B1F7F89B06F5768C2B395E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:38.021{6EDEAD03-E1B0-615E-2600-00000000FD01}2868NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211007120153-028MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214230Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:39.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE8624278AA5F05870F35C8C90652341,SHA256=52BA91FDCE96028976DE3BFDFAFA772A16CF7CAB74E39A76150CD3C2A0E0BAD2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:37.092{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56678-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000240538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:39.225{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=504EC0900B81ADE8DFC3693B25DB5134,SHA256=E97B8FD172E92A890E8143C542419F830E14661BF14A3C5F33373CA3EE29B8A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214232Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:40.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13E6771335F988977F5CE2633A0FE549,SHA256=7FE5C2247169416692AE4F6F2AA881A8CC3A1AAABDCBEE97424F93CB27E4A8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:40.682{6EDEAD03-E1B0-615E-2800-00000000FD01}2904NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:40.229{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4902D3AD8FD8F3D2F0D8D662632CFB69,SHA256=27BC77C4956164A7A6A9E985BF009E13027143658D29511D0DD6655A5C620832,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214231Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:36.658{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50053-false10.0.1.12-8000- 23542300x8000000000000000214233Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:41.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F972231FA87B5C7B353B91C5D7B31E5F,SHA256=F9F4E9F979B832BCC967DE13585D4532D2EDA04837A0DE7EE415698E1F24496B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:41.235{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=374A2F46474DBC832A3A6308FACB7EF8,SHA256=D6684C9298F4191161E9CEFB96BB15E0410D477C393D9964E66AFB5C39C9787A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214234Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:42.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16651D17B1E30A6E78912009624506BD,SHA256=3BC8F1403B9C0A3D00609F49D636D50B51F5A12E67C012A2C4D6DD7A6D28FCE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=AF2F9A99686EA9A5AEF749F8DF07DDE0,SHA256=E591D5776B05B1A7B5917668032C848E9D599D983845114D6950F884276B56E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=D3B48A9C463814AF28962BE906EB4630,SHA256=95F9A4539DF60144C65F25BF0BB4AC80E7D7B9C88F2A03612E0DAE614B7C0CBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=9BB4C755C54C9A0C9DFFEEA6650207DE,SHA256=B2B0A0B52BB66F44D22D530519689D6FFB04D1C992EA5E9C57A48E57A559D65F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=DC1BEFC74DCE3FAFFA066FDB5D967FDE,SHA256=7E3C05704D2B65C0F519B7E0E9D39FC4513EF7177E85DC2CD101225F9FC7FE90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.585{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=6835BEBF285BA10AD0C1E566CA3460BC,SHA256=2DE32A20B7CA76698B47110DE7C2A270BFD986D52B2CE7E12F38564FA03ACA51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:42.237{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21CF91D240A5C8EC7991043DBA25D8B7,SHA256=2850FB2B13B0D2D12D87D77EBF11A61D151C4E82CFD64A3D71EC3F34939E45D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214235Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:43.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD52415EFC231BF646D1DF2E760E1666,SHA256=890BD97CFCFFF1BEC511C9EADD4B4A2D91A7416B3B0BD57967EF4AD8811FE45B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:40.571{6EDEAD03-E1B0-615E-2800-00000000FD01}2904C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56679-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000240549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:43.254{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C933FE8DA41FC6B9EC047D93FB81893,SHA256=364ABDA2689DCD423BFFEE7EF125EE140E8A5C05162C42C6B0734F9D913D6298,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214236Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:44.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7397E0A769F826D6850FFD4C613E83DF,SHA256=8DAA4D038093AEFE33745362AF4F8C6E03729A92BB02324FB1141C7DC5414D69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:44.269{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2141F5046B7FDA159174945CB39FF38,SHA256=1B816BB9FFB9B9BBD3B3C358ABB051414FDD2E57A4B280DC263C7390C36C3EEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214239Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:45.930{49C67628-E19D-615E-1D00-00000000FE01}1960NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214238Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:41.815{49C67628-E1A8-615E-6300-00000000FE01}3552C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50054-false10.0.1.12-8000- 23542300x8000000000000000214237Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:45.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FE780BE9EDC490046E06D1CC0494E30,SHA256=8B40BB7058348928DF2A95EC2CBEAD1D46B30657E22E233FAD8DDE506D5FDCDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000240553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:45.284{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5637DCDB370D5E7F7777EA165CCD2285,SHA256=6D582A478AB3E09D73EBC9CAAED59911ED6F8754611F4577260B075C498D0E5A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000240552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:43.090{6EDEAD03-E1BC-615E-6A00-00000000FD01}4064C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local56680-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000240558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.442{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac7053|C:\Program Files\Mozilla Firefox\xul.dll+add5ff|C:\Program Files\Mozilla Firefox\xul.dll+add289|C:\Program Files\Mozilla Firefox\xul.dll+addabe|C:\Program Files\Mozilla Firefox\xul.dll+ebeec2|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880|C:\Program Files\Mozilla Firefox\xul.dll+e556f5|C:\Program Files\Mozilla Firefox\xul.dll+e55284|C:\Program Files\Mozilla Firefox\xul.dll+e54d39 10341000x8000000000000000240557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.442{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebee38|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 10341000x8000000000000000240556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.354{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.354{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+b28213|C:\Program Files\Mozilla Firefox\xul.dll+b278a6|C:\Program Files\Mozilla Firefox\xul.dll+b1f233|C:\Program Files\Mozilla Firefox\xul.dll+b28c40|C:\Program Files\Mozilla Firefox\xul.dll+ebf0b9|C:\Program Files\Mozilla Firefox\xul.dll+19842cc|C:\Program Files\Mozilla Firefox\xul.dll+ae2757|C:\Program Files\Mozilla Firefox\xul.dll+f15871|C:\Program Files\Mozilla Firefox\xul.dll+e80aeb|C:\Program Files\Mozilla Firefox\xul.dll+2c3fd4|C:\Program Files\Mozilla Firefox\xul.dll+df1982|C:\Program Files\Mozilla Firefox\xul.dll+df153c|C:\Program Files\Mozilla Firefox\xul.dll+2acbc2|C:\Program Files\Mozilla Firefox\xul.dll+1a11562|C:\Program Files\Mozilla Firefox\xul.dll+e55880 23542300x8000000000000000240554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:46.285{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD7ABA5942A0AC7E77598D11067D08D7,SHA256=E92CB487799BD8A24A14AC093B851D85D5F6DECC5F1941C1AD1F8B9130464596,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000214240Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:46.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A51268DEC06555109DB31071D1252EDC,SHA256=AED14C31E717FE25F9027244F5A03B0CC918135C715192ABBAC4C95C4F0DB058,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000214255Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:44.487{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50055-false10.0.1.12-8089- 23542300x8000000000000000214254Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=703098796E9F65E7D2FACC9D26E34385,SHA256=5435A2B73CAD8ACC872A266E4C368C3FD25948BD49F281AF6FA3606C7103CDF9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.998{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+acbf08|C:\Program Files\Mozilla Firefox\xul.dll+1903ff5|C:\Program Files\Mozilla Firefox\xul.dll+15d1317|C:\Program Files\Mozilla Firefox\xul.dll+192fb03|C:\Program Files\Mozilla Firefox\xul.dll+91e25f|C:\Program Files\Mozilla Firefox\xul.dll+2638e|C:\Program Files\Mozilla Firefox\xul.dll+198088|C:\Program Files\Mozilla Firefox\xul.dll+196f3f|C:\Program Files\Mozilla Firefox\xul.dll+405693a|C:\Program Files\Mozilla Firefox\xul.dll+40c247c|C:\Program Files\Mozilla Firefox\xul.dll+40c3270|C:\Program Files\Mozilla Firefox\xul.dll+1e462c3|C:\Program Files\Mozilla Firefox\firefox.exe+5cad|C:\Program Files\Mozilla Firefox\firefox.exe+1bbd8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.994{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 10341000x8000000000000000240563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.994{6EDEAD03-E420-615E-0601-00000000FD01}60166020C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1afdf1|C:\Program Files\Mozilla Firefox\xul.dll+91bb74|C:\Program Files\Mozilla Firefox\xul.dll+a90d51|C:\Program Files\Mozilla Firefox\xul.dll+ac6d23|C:\Program Files\Mozilla Firefox\xul.dll+ac6ed7|C:\Program Files\Mozilla Firefox\xul.dll+a90c6f|C:\Program Files\Mozilla Firefox\xul.dll+b29095|C:\Program Files\Mozilla Firefox\xul.dll+3974c1|C:\Program Files\Mozilla Firefox\xul.dll+397044|C:\Program Files\Mozilla Firefox\xul.dll+396ee8|C:\Program Files\Mozilla Firefox\xul.dll+2658828|C:\Program Files\Mozilla Firefox\xul.dll+2649b6c|C:\Program Files\Mozilla Firefox\xul.dll+b38647|C:\Program Files\Mozilla Firefox\xul.dll+2640b1d|C:\Program Files\Mozilla Firefox\xul.dll+b3f956|C:\Program Files\Mozilla Firefox\xul.dll+b38b0b|C:\Program Files\Mozilla Firefox\xul.dll+389127|C:\Program Files\Mozilla Firefox\xul.dll+b3a728|C:\Program Files\Mozilla Firefox\xul.dll+2641d8e|C:\Program Files\Mozilla Firefox\xul.dll+2641b24|C:\Program Files\Mozilla Firefox\xul.dll+b40bb2|C:\Program Files\Mozilla Firefox\xul.dll+b3a989 23542300x8000000000000000240562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.974{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\159MD5=6957C2F34EE46CA983E0090DF8FBE411,SHA256=3B0CB1E8036831146AD738F7413E31424F5EAF2F3B27E30453A3447B49480571,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.677{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.620{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.291{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5D071D4C76CA95987E3B598587E26B5,SHA256=7F00E52FA7D2C1FCDD5302B3194B67E8E2CACF9F9D88D934DA6BF6AFB8E9F06D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214253Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19E-615E-2B00-00000000FE01}28162836C:\Windows\system32\conhost.exe{49C67628-E877-615E-5D01-00000000FE01}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214252Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214251Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214250Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214249Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214248Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214247Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214246Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214245Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214244Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0C00-00000000FE01}732764C:\Windows\system32\svchost.exe{49C67628-E19D-615E-1B00-00000000FE01}1836C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000214243Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19C-615E-0500-00000000FE01}416532C:\Windows\system32\csrss.exe{49C67628-E877-615E-5D01-00000000FE01}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000214242Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E19D-615E-1D00-00000000FE01}19603292C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-E877-615E-5D01-00000000FE01}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000214241Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:47.368{49C67628-E877-615E-5D01-00000000FE01}3400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-E19C-615E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000214272Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.633{49C67628-E1B0-615E-6C00-00000000FE01}4028NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A0A52AF858EB19979FEB092B07DD50F,SHA256=D62704E5EAC48491587775958EF44011E85DE63239C8EA09204BBD32F1F069F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.988{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.940{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.614{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local50727-false142.250.185.238fra16s53-in-f14.1e100.net443https 354300x8000000000000000240582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.614{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59863- 354300x8000000000000000240581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.602{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local50726- 10341000x8000000000000000240580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.912{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.912{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000240578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.532{6EDEAD03-E1B0-615E-2400-00000000FD01}2760C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local51693- 354300x8000000000000000240577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.528{6EDEAD03-E420-615E-0601-00000000FD01}6016C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local49853-false142.250.186.131fra24s07-in-f3.1e100.net443https 10341000x8000000000000000240576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.601{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000240575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.502{6EDEAD03-E420-615E-0601-00000000FD01}6016ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=852AE1A6EF77825D68BFFB3548E81128,SHA256=E299AFDFBE57B305E28985984B98D96DB1ECC27BC31EBD78859FF32745A1AFD9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000240574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.431{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.399{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.392{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000240571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.392{6EDEAD03-E420-615E-0601-00000000FD01}60165360C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-E423-615E-0801-00000000FD01}5392C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e30|C:\Program Files\Mozilla Firefox\firefox.exe+37d26|C:\Program Files\Mozilla Firefox\firefox.exe+49300|C:\Program Files\Mozilla Firefox\firefox.exe+48ffc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000240570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.632{6EDEAD03-E420-615E-0601-00000000FD01}6016plus.l.google.com02a00:1450:4001:813::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.622{6EDEAD03-E420-615E-0601-00000000FD01}6016plus.l.google.com0142.250.185.238;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000240568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:47.621{6EDEAD03-E420-615E-0601-00000000FD01}6016apis.google.com0type: 5 plus.l.google.com;::ffff:142.250.185.238;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000240567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-07 12:30:48.308{6EDEAD03-E1C4-615E-7300-00000000FD01}3656NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C80893269CBAD72740BA5B14DF45C3D,SHA256=BED808D2493AA810522322EA9581B25D394C4682A83EF0ACB71AB55FCA475A50,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000214271Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-07 12:30:48.602{49C67628-E878-615E-5E01-00000000FE01}13721948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-E19D-615E-1D00-00000000FE01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 103